Digital Deadly Force: How A Tech Expert Lost his Digital Life to a Hacker


Imagine a day when you wake up … all of your baby pictures are gone … your iPad and your computer have been wiped … you have no way of logging in to any of your accounts … the accounts that are tied to your checking, mortgage, bill pay, iTunes…

Kevin Williams and Matt Hall will tell the story of Matt Honan -- a tech-savvy technology reporter who was just digitally carjacked -- for his Twitter account… and how the hackers manipulated major corporations into aiding and abetting this digital robbery by a 19-year-old hacker named Phobia.

Don't have an account? Not a computer guy? Well, your information is stored in companies all over the world, where hackers like Phobia lurk to take your identity, monetize it, and use it for all sorts of nefarious purposes.

Published in: Technology
Slide notes:
  • Amazon: call customer service and have a credit card added to the victim's file.
  • Amazon: hang up and call back: "My account is locked out. Here are my credit card's last four digits and billing address. Please add a new email address." Account recovery is sent to the new email address.
  • Amazon: log in with the recovery info and reset the password. The last four digits of every credit card on file are now visible.
  • Apple: use the last four digits of the victim's original credit card and the billing address, after claiming amnesia on the security questions.
  • Apple: he gets the MobileMe account.
  • Google: he goes to Google and resets mhonan@gmail.com; the reset is sent to the compromised Apple MobileMe email account.
  • Twitter: password reset to the compromised Google account.
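Each support desk in the notes above accepted, as proof of identity, exactly the data the previous takeover had exposed. The following is an added example, not part of the deck and not any of the companies' systems: it encodes that chain as a small dependency graph (account names, the "facts" each desk accepted and the facts each takeover yielded are this example's own constructed encoding of the narrative) and computes what an attacker who starts with public facts alone can reach. A second copy of the graph puts a second factor on the Google account to show where the chain breaks.

```python
"""Model of the account-recovery chain described in the slide notes.

Added example, not from the original deck.  ACCOUNTS, HARDENED_ACCOUNTS
and attack_path are hypothetical names; the facts are a constructed
encoding of the narrative, not any vendor's documented policy.
"""
from collections import namedtuple

# A recovery step: what the caller must already hold to pass the desk's
# check, and what control of the account hands over afterwards.
Step = namedtuple("Step", "needs grants")

# What the attacker starts with: all public or trivially discoverable.
PUBLIC_FACTS = frozenset({"name", "email_address", "billing_address"})

ACCOUNTS = {
    # First call: a card is added to the file on name, e-mail and billing
    # address alone, so its last four digits become an attacker-known fact.
    "amazon_add_card": Step(
        needs=frozenset({"name", "email_address", "billing_address"}),
        grants=frozenset({"attacker_card_last4"})),
    # Second call: "locked out"; identity proven with the card just added,
    # new recovery address accepted, password reset, and the last four
    # digits of the victim's real cards are now readable.
    "amazon_takeover": Step(
        needs=frozenset({"attacker_card_last4", "billing_address"}),
        grants=frozenset({"amazon_account", "victim_card_last4"})),
    # AppleCare: billing address plus last four of a card on file stands in
    # for the forgotten security questions; yields the MobileMe mailbox.
    "apple": Step(
        needs=frozenset({"victim_card_last4", "billing_address"}),
        grants=frozenset({"apple_id", "mobileme_mailbox"})),
    # Gmail's reset goes to the MobileMe address; Twitter's goes to Gmail.
    "google": Step(
        needs=frozenset({"mobileme_mailbox"}),
        grants=frozenset({"gmail_mailbox"})),
    "twitter": Step(
        needs=frozenset({"gmail_mailbox"}),
        grants=frozenset({"twitter_account"})),
}

# Same graph with a second factor on Google: the reset still lands in the
# MobileMe mailbox, but login also needs a device the attacker never holds.
HARDENED_ACCOUNTS = dict(ACCOUNTS)
HARDENED_ACCOUNTS["google"] = Step(
    needs=frozenset({"mobileme_mailbox", "google_2fa_device"}),
    grants=frozenset({"gmail_mailbox"}))


def attack_path(accounts, start_facts=PUBLIC_FACTS):
    """Accounts the attacker can take over, in order, from `start_facts`.

    Iterates to a fixpoint: every pass takes each not-yet-taken account
    whose proof requirements are a subset of the facts held so far and
    adds what that takeover grants.  Stops when a full pass takes nothing.
    """
    held = set(start_facts)
    taken = []
    progressed = True
    while progressed:
        progressed = False
        for name, step in accounts.items():
            if name in taken or not step.needs <= held:
                continue
            taken.append(name)
            held |= step.grants
            progressed = True
    return taken


if __name__ == "__main__":
    print("as deployed:      ", " -> ".join(attack_path(ACCOUNTS)))
    print("with 2FA on Google:", " -> ".join(attack_path(HARDENED_ACCOUNTS)))
```

The point the model makes explicit: a billing address and the last four digits of a card are printed on every receipt and appear in every mailbox, so any recovery flow that accepts them is reachable from public information, and every account whose reset e-mail lands in a mailbox reachable that way falls with it. Adding a factor the attacker cannot obtain at any one link removes everything downstream of it.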
Transcript of "Digital Deadly Force: How A Tech Expert Lost his Digital Life to a Hacker"

    1. Information Systems Division and Technical Services Unit. Digital Deadly Force: Narrative of a Digital Life Destroyed. Matthew Jett Hall, Assistant Director, ISD; Kevin Williams, SAC, TSU. 26 Oct 2012
    2. The Victim: Matt Honan. “In the space of one hour, my entire digital life was destroyed.”
    3. Who is Matt Honan • Tech Journalist • Highly cloud dependent • Astute • Tech Savvy • Knows the rules of the road
    4. The Harm • Google account deleted. • Twitter account compromised, and used to broadcast racist and homophobic messages. • AppleID account was seized.
    5. The Harm • Wiped from existence: iPhone, MacBook Pro, iPad, two years of baby pictures
    6. Timeline: 3 Aug 12 @ 1633 • “… according to Apple’s tech support records, someone called AppleCare claiming to be me.” • Apple issued the hacker a temporary password
    7. Timeline: 3 Aug 12 @ 1650 • “password reset confirmation arrived in my inbox. … the hackers … permanently reset my AppleID password.”
    8. Timeline: 3 Aug 12 @ 1652 • “Gmail password … password had changed.”
    9. Timeline: 3 Aug 12 @ 1700 • “… they used iCloud’s ‘Find My’ tool to remotely wipe my iPhone.”
    10. Timeline: 3 Aug 12 @ 1700 • “my iPhone suddenly powered down.” • “When I opened my laptop … my Gmail account information was wrong.”
    11. Timeline: 3 Aug 12 @ 1702 • “they reset my Twitter password…”
    12. Timeline: 3 Aug 12 @ 1705 • “they remotely wiped my MacBook.…”
    13. Timeline: 3 Aug 12 @ 1705 • “they remotely wiped my MacBook.…” • “… they deleted my Google account.”
    14. Timeline: 3 Aug 12 @ 1710 • “I placed the call to AppleCare.”
    15. Timeline: 3 Aug 12 @ 1712 • “attackers posted a message to my account on Twitter taking credit for the hack.”
    16. Why Matt Honan. “I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account [that had been linked to mine]? No, Phobia said, they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and [mess it] up, and watch it burn. It wasn’t personal.”
    17. Social Engineering: “the art of manipulating people into performing actions or divulging confidential information”
    18. The Sequence of Social Engineering: 1. Amazon 2. Apple 3. Google 4. Twitter
    19. Sarah Palin 2008 • September 16, 2008 • Yahoo! Mail account of Sarah Palin • Cracked by “Rubico” • Social Engineering • From date-of-birth info on Wikipedia
    20. TBI’s CIA: Confidentiality, Integrity, Availability
    21. Identity • Non-repudiation • Access • Factors of Identification: Something you know, Something you have, Something you are
    22. Password and PIN: “Something you know”. “a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource”
    23. Password Fatigue • Excessive amount of passwords • Leads to careless password or PIN construction
    24. PIN Formulation
        Rank  PIN   Frequency
        #1    1234  10.713%
        #2    1111   6.016%
        #3    0000   1.881%
        #4    1212   1.197%
        #5    7777   0.745%
        #6    1004   0.616%
        #7    2000   0.613%
        #8    4444   0.526%
        #9    2222   0.516%
        #10   6969   0.512%
        • Usually 4 digits
        • Don’t use common PINs
        • Don’t use personal information: SSN, birthdate, birth year
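Slide 24's advice is a denylist (the ten most common PINs) plus a rule against personal information. The check below is an added example, not from the deck or from DataGenetics: TOP_10 is the table reproduced on the slide, and the remaining patterns (one repeated digit, a straight run, a repeated pair, a four-digit year, an MMDD or DDMM date) are the shapes that "birthdate" and "birth year" take in a four-digit PIN. The function name and the 1900..2099 year range are this example's own choices.

```python
"""Weak-PIN detection for the advice on slide 24 (added example, not
from the original deck).  pin_weakness returns the first matching reason
or None; TOP_10 is the DataGenetics ranking shown on the slide."""

# PIN -> share (%) of all PINs in the analysed leak, as on the slide.
TOP_10 = {
    "1234": 10.713, "1111": 6.016, "0000": 1.881, "1212": 1.197,
    "7777": 0.745, "1004": 0.616, "2000": 0.613, "4444": 0.526,
    "2222": 0.516, "6969": 0.512,
}

# Birth years of anyone likely to hold the PIN (assumed range).
YEAR_RANGE = (1900, 2099)


def looks_like_date(pin):
    """True if the four digits read as MMDD or DDMM (a birthday)."""
    a, b = int(pin[:2]), int(pin[2:])
    return (1 <= a <= 12 and 1 <= b <= 31) or (1 <= b <= 12 and 1 <= a <= 31)


def pin_weakness(pin):
    """First reason a 4-digit PIN is weak, or None.

    Checks run from the most common pattern to the least: the slide's
    top-10 list, then the structural patterns behind the slide's
    'don't use personal information' bullets.
    """
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected exactly four digits")
    digits = [int(c) for c in pin]
    diffs = [b - a for a, b in zip(digits, digits[1:])]
    if pin in TOP_10:
        return "in top-10 list (%.3f%% of all PINs)" % TOP_10[pin]
    if len(set(pin)) == 1:
        return "one digit repeated"
    if diffs in ([1, 1, 1], [-1, -1, -1]):
        return "ascending or descending run"
    if pin[:2] == pin[2:]:
        return "repeated pair"
    if YEAR_RANGE[0] <= int(pin) <= YEAR_RANGE[1]:
        return "reads as a year"
    if looks_like_date(pin):
        return "reads as a date (MMDD or DDMM)"
    return None


if __name__ == "__main__":
    for candidate in ("1234", "5555", "4321", "3434", "1995", "0312", "8675"):
        print(candidate, pin_weakness(candidate))
```

Note what the check does not cover: keypad-shape patterns (straight lines and corners on a phone keypad) are also over-represented in real PIN sets, and a date check of this kind rejects roughly a third of the keyspace, which is the price of keeping birthdays out.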
    25. Password Formulation
        Passwords must contain characters from three of these categories:
        • Upper case character
        • Lower case character
        • Base 10 digit (0 through 9)
        • Non-alphanumeric characters: ~!@#$%^&*_-+=`|(){}[]:;"<>,.?/
        Sample output from the password generator in KeePass: A`?KUJj, 47k0O#qt, 4vn1iSA, nwDSB/OL, 5*vFXggx, tF0ylI59, PvmYk^k, $;T+qha2, UnJJ:8c8, bU4DuwUM, bU1H&@56, BeU;i$X;, 4q+!kkgg, $qDsrT35, %:WbFlzk, HRvqt9j9, RcgR^cMt, dM/`nxR
    26. Password Formulation
        Since these are tough to remember, try a passphrase:
        • SteveFound4ApplesAndAFlute@hischair
        • 6TacosAreDelicious@YourLocalTacoMart
        (the same KeePass sample passwords as on slide 25 are shown alongside)
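Slides 25 and 26 give a complexity rule and two sample passphrases but do not say why the passphrase is the better trade. The example below is added here and is neither the deck's nor KeePass's code: it checks the slide's three-of-four category rule, generates passwords from a cryptographic random source the way a vault's generator does, builds passphrases from a word list (WORDLIST is a constructed, deliberately tiny stand-in for a real diceware-style list of thousands of words), and computes the entropy of each so the two can be compared. Function and constant names are this example's own.

```python
"""Password-policy check, generator and passphrase builder for slides 25-26.

Added example, not from the original deck or from KeePass.  The four
character categories and the three-of-four rule are the slide's; the
generator mirrors what a vault does (CSPRNG over the allowed alphabet).
WORDLIST is a constructed stand-in; use a real multi-thousand-word list.
"""
import math
import secrets
import string

SPECIALS = '~!@#$%^&*_-+=`|(){}[]:;"<>,.?/'   # the slide's list, verbatim
CATEGORIES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(SPECIALS),
}


def categories_used(password):
    """Names of the categories a password draws at least one character from."""
    return {name for name, chars in CATEGORIES.items() if set(password) & chars}


def meets_policy(password, minimum=3):
    """Slide rule: characters from at least three of the four categories."""
    return len(categories_used(password)) >= minimum


def generate_password(length=12):
    """Random password over all four categories that also passes the policy.

    secrets.choice draws from the OS CSPRNG; random.choice is seeded from
    time and must never be used for credentials.
    """
    if length < 3:
        raise ValueError("cannot satisfy three categories in under 3 characters")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate):
            return candidate


# Constructed, deliberately tiny; a real list has thousands of words.
WORDLIST = ["apple", "flute", "chair", "taco", "river", "stone", "cloud",
            "badge", "lemon", "piano", "train", "maple", "otter", "quilt",
            "wagon", "zebra"]


def generate_passphrase(words=5, wordlist=WORDLIST):
    """Diceware-style passphrase: each word chosen uniformly and
    independently, so strength is words * log2(len(wordlist)) bits."""
    return "-".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices, alphabet_size):
    """Bits of entropy in `choices` independent uniform picks from an
    alphabet of `alphabet_size` symbols.  Applies only to random choices;
    a human-chosen phrase such as the slide's examples has far less."""
    return choices * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("47k0O#qt", "SteveFound4ApplesAndAFlute@hischair", "password"):
        print(pw, sorted(categories_used(pw)), meets_policy(pw))
    alphabet_size = len(string.ascii_letters + string.digits + SPECIALS)
    print("8 random chars:", round(entropy_bits(8, alphabet_size), 1), "bits")
    print("5 random words from 7776:", round(entropy_bits(5, 7776), 1), "bits")
    print(generate_password(), generate_passphrase())
```

The numbers are the argument for slide 26: eight characters drawn at random from the full 92-symbol alphabet give about 52 bits, while five words drawn at random from a 7776-word list give about 65 bits and can be remembered. The qualifier matters: entropy_bits is only valid for uniformly random choices, so a phrase a person composes (the slide's two examples included) is not credited with those bits, and "in your mind" on slide 27 should mean a randomly generated phrase, not a sentence about one's lunch.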
    27. Where to Store Passwords • Password vault • In your mind!
    28. Password Commandments. Thou shalt …
        1. Construct a complex password
        2. Use a password vault
        3. Use dual factor authentication
        4. Protect thy mobile devices
    29. Password Commandments. Thou shalt not …
        1. Share thy password
        2. Use thy dog’s name
        3. Write passwords on sticky notes
        4. Use common words
        5. Keep passwords in Word documents
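Commandment 3 above is the "something you have" of slide 21, and it is the control that breaks the chain in the timeline: a password reset that lands in a mailbox the attacker already controls still does not log them in if the account also demands a code from a device they do not hold. The block below is an added example, not part of the deck and not any vendor's code: a minimal implementation of the public standard (RFC 4226 HOTP, RFC 6238 TOTP) that authenticator apps use. SECRET is the RFC's published test key, not a real credential, and the function names are this example's own.

```python
"""TOTP (RFC 6238) over HOTP (RFC 4226): the 'something you have'
behind 'use dual factor authentication'.  Added example, not from the
original deck.  SECRET is the RFC test-vector key; never reuse it."""
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30
DIGITS = 6


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation on the low nibble of the last byte, then `digits`
    decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret, unix_time=None, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, code, unix_time=None, window=1, step=STEP_SECONDS):
    """Accept the current step and `window` steps either side (clock
    skew between phone and server).  Each comparison is constant-time so
    a partially correct code is not distinguishable by response time."""
    if unix_time is None:
        unix_time = time.time()
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter), code):
            return True
    return False


def secret_from_base32(encoded):
    """Authenticator apps exchange the shared secret as base32 (the
    otpauth:// URI and QR code); strip spacing, upper-case, and restore
    the '=' padding that most QR payloads omit."""
    encoded = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(encoded + "=" * (-len(encoded) % 8))


# RFC 4226 / RFC 6238 test key: ASCII "12345678901234567890".
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for t in (59, 1111111109, 1111111111, 1234567890, 2000000000):
        print(t, totp(SECRET, t))
    print("now:", totp(SECRET))
```

Two things a deployment must add that this sketch leaves out: once a code has been accepted, refuse it again for the rest of its window (replay), and rate-limit attempts, since six digits with a three-step window is a 3-in-a-million guess per try. A second factor delivered by SMS is weaker than this: the phone number is itself recovered through a carrier's support desk, which is the same class of failure the deck describes at Amazon and Apple.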
    30. Before you lose a device … • Learn if the device has “find me” features • Encrypt critical data at rest • Think carefully about what goes on the device • Don’t let unauthorized personnel utilize your device • Lock your device whenever you step away
    31. If you lose a device … • Report it immediately. BAD NEWS DOES NOT AGE WELL! THE FASTER THE RESPONSE THE BETTER. • Consumer in control: Apple: iCloud.com; Microsoft Exchange; BlackBerry: no self service
    32. Example: iCloud
    33. If you lose a device … • Locate it
    34. If you lose a device … • If you can’t retrieve it, wipe it!
    35. Data Classification Concept • Impact to the TBI mission: High, Medium, Low • High: Reputation and credibility; Exposing personal information; Exposing sensitive operations information
    36. On cloud computing • It’s here • It’s not going away • Windows 8 • SkyDrive • DropBox • Google Drive • Google Applications • iCloud
    37. On cloud computing • Guidance: No PII; Nothing mission sensitive; Experiment and learn; Preserve CIA; REALLY read the terms of service
    38. References
        • “How Apple and Amazon Security Flaws Led to My Epic Hacking”, Wired Magazine, August 6, 2012: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
        • Flickr baby photo: http://goo.gl/q2hSO
        • Datagenetics.com PIN Analysis: http://goo.gl/bCGGW
        • Security Now Episode 364: Twit.tv; transcript from grc.com
        • Apple iCloud how-to: http://www.apple.com/icloud/setup/ios.html
        • Apple iCloud: icloud.com
        • Sarah Palin email hack: http://en.wikipedia.org/wiki/Sarah_Palin_email_hack
        • Clipart: openclipart.org
        • Social engineering: http://en.wikipedia.org/wiki/Social_engineering_(security)
        • Password: http://en.wikipedia.org/wiki/Password