Transcript

  • 1. Module XLII - Investigating Computer Data Breaches
  • 2. EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
    News: Hacker Accesses UF Dental Patient Data
    Source: http://www.gatorsports.com/
    By Nathan Crabbe. Published: Thursday, November 13, 2008 at 6:01 a.m.
    A hacker accessed a University of Florida College of Dentistry computer server containing personal information of more than 344,000 current and former dental patients, UF announced Wednesday. The information included names, addresses, birth dates, Social Security numbers and dental procedure information for patients dating back to 1990. College staff members discovered the breach Oct. 3 while upgrading the server, finding that unauthorized software had been installed on it from a location outside the university.
    UF officials have no evidence at this time that the hacker used the information for fraudulent purposes, said Melanie Fridl Ross, a spokeswoman for UF's Health Science Center. "It's sort of like someone coming home and finding that their door is open, but it's unclear if any valuables have been taken," she said. FBI and University Police officers are investigating.
    Letters were mailed Monday to alert 336,234 patients about the breach. The university is seeking addresses for another 8,248 patients with data on the server. A hot line, 1-866-783-5883, has been established for patient questions. Patients can call the hot line to find out exactly what information was contained on the server, Ross said.
    College of Dentistry Dean Teresa Dolan said the college keeps electronic records of dental procedures, but not on medications or chronic illnesses. The breach involved patient information from the college's clinics on the main UF campus, the east side of Gainesville, and in Hialeah and Jacksonville, she said. Medical identity theft is a growing problem, said Paul Stephens, director of policy and advocacy for the San Diego-based nonprofit Privacy Rights Clearinghouse.
  • 3. News: Extortion Used in Prescription Data Breach
    Source: http://www.washingtonpost.com/
    FBI Investigating Threat Against Express Scripts Customers
    By Brian Krebs. Saturday, November 8, 2008; Page D01
    One of the nation's largest processors of pharmacy prescriptions said this week that extortionists are threatening to disclose personal and medical information about millions of Americans if the company fails to meet payment demands. St. Louis-based Express Scripts said Thursday that in early October it received a letter that included the names, birth dates, Social Security numbers and, in some cases, prescription data on 75 of its customers. The authors threatened to expose millions of consumer records if the company declined to pay up, Express Scripts said in a statement.
    Chief executive George Paz said in the statement that Express Scripts has no intention of paying and that his company is working with the FBI to track down those responsible for the scam. Express Scripts is the third-largest U.S. pharmacy benefit management firm, which processes and pays prescription drug claims. Working with more than 1,600 companies, it handles roughly 500 million prescriptions a year for about 50 million Americans.
    Express Scripts has notified its clients of the threat. Fairfax County Public Schools yesterday sent a letter to employees alerting health-plan participants who use Express Scripts to the breach. "FCPS is deeply concerned about this kind of breach, which could adversely affect our employees," Superintendent Jack D. Dale said in the letter. "We expect and deserve the highest level of security when we entrust our vendors to handle our employees' personal information."
    The letter was delivered by mail, said company spokesman Steve Littlejohn. He declined to say how much money the extortionists were demanding. He added that the company is trying to determine how the data were stolen. "We know where the data came from by looking at it, but precisely how it was accessed is still part of the investigation," Littlejohn said.
  • 4. Module Objective
    This module will familiarize you with:
      • How Computer Data Breaches Occur
      • Investigating the Local Machine
      • Investigating the Network
      • Countermeasures
  • 5. Module Flow
      • How Computer Data Breaches Occur
      • Investigating the Local Machine
      • Investigating the Network
      • Countermeasures
  • 6. How Data Breaches Occur
  • 7. Using the External Memory Devices
      • Data can be stolen using external memory devices
      • External memory devices are available with a capacity of 64 MB to 250 GB
      • USB ports are used to transfer the data
      • External hard disks can be used to copy the complete hard disk data
      • CDs/DVDs are used to burn the important data
  • 8. Using the Internet
    The Internet is used for the breaches listed below:
      • Sending files through email
      • Sharing files through webhosting services
      • Uploading files to FTP servers
      • Transferring files using IMs
  • 9. Using Cell Phones and iPods
      • Mobile phones come with external memory that can store up to 32 GB of data
      • Data can be carried using such mobile phones
      • iPods are also used to carry important files
  • 10. Using Malware
      • Malware includes computer viruses, worms, Trojan horses, rootkits, spyware, dishonest adware, and other malicious and unwanted software
      • Trojans and rootkits are used to steal sensitive data
      • Using malware, attackers can gain remote access to the victim’s system
  • 11. Other Techniques
      • Cryptography and steganography techniques: these techniques can be used to encrypt the information and hide the communication so that it becomes difficult to detect data leakage
      • Changing the file extension types: attackers or insiders may change the file extensions so that the data files appear to be some other type of file; for example, a .xls extension may be changed to a .jpg extension to hide the data theft
  • 12. Investigating Local Machine
  • 13. Check the Registry Editor
      • The registry editor should be checked for any external memory devices used
      • Tools such as USBDeview and MyUSBOnly can be used to check the name, date, and time of external memory devices used
  • 14. Check For CD/DVD Burning Software
      • Check the local machine for any CD/DVD burning software installed
      • Check for the recent projects in such software
      • Collect the information such as data burnt, time, and user
  • 15. Check for Browsing History
      • Web browsers are a vital key for interacting with the Internet
      • Check the local machine’s browsing history
      • The cache may contain temporary web page files
      • Cookies contain a stored database session or some other piece of information
      • The ‘Cookie Viewer’ tool discovers the information that web sites store on the user’s computer
  • 16. Check the Downloads
      • Check the local machine's download history to see whether the user has downloaded any FTP clients, IMs, or any other software
      • Using the browsing and download history, information about the FTP clients, web hosting services, and IMs used can be identified
  • 17. Check the Email History
      • Check for suspicious mail in the sent mail history
      • Check the attachments of such email
      • Check the trash for deleted files
  • 18. Check for Suspicious Software
      • Check the local machine for any mobile drivers installed
      • Check for any data encryption, cryptography, and steganography software
      • Magic Lantern software allows agents to decode the hard-to-break encrypted data of criminal suspects
  • 19. Investigating Network
  • 20. Check the Firewall
      • Check the firewall where individual browsing details are logged:
          • Sites visited
          • Downloads
      • Check the amount of data transferred from a particular IP address
      • Check the router logs
  • 21. Check the Mail Server
      • Check the mail server for all the incoming and outgoing emails
      • Open and check the attachments
      • Collect the email IDs to which the data is transferred
  • 22. Check the Printers
      • Check the printers for any data that has been taken in the form of printouts
  • 23. Countermeasures
  • 24. Countermeasures
      • Create different accounts such as admin, guest, and user to provide limited access
      • Ensure critical data files are backed up and the backups are securely stored in another location
      • Establish policies and procedures for computing and file access
      • Disable the USB ports
  • 25. Countermeasures (cont’d)
      • Install anti-virus software and update it regularly
      • Install email, USB, and IM monitoring software
      • Implement administrative, physical, and technical controls
      • Train employees to safeguard the data
  • 26. Summary
      • Data can be stolen using external memory devices
      • Files can be shared through emails and webhosting services
      • Cryptography and steganography techniques are used to send the data
      • Cookies contain a stored database session or some other piece of information
      • Check the local machine's download history to see whether the user has downloaded any FTP clients, IMs, or any other software
      • Check for any data encryption, cryptography, and steganography software
      • Check the mail server for all the incoming and outgoing mails
      • Create different accounts such as admin, guest, and user to provide limited access
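Slide 11 notes that a .xls file may be renamed to .jpg to hide data theft. The following is an added example, not part of the original deck, showing how an examiner can catch this by comparing each file's extension with its leading bytes; the signature table covers only a few common formats and the sample folder is constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Leading-byte signatures for a few common formats (well-known magic numbers).
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .xls/.doc container
    (b"PK\x03\x04", "zip"),                         # .zip and .xlsx/.docx
]
# Content types each extension is expected to carry.
EXPECTED = {
    ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".png": {"png"}, ".pdf": {"pdf"},
    ".xls": {"ole2"}, ".doc": {"ole2"},
    ".xlsx": {"zip"}, ".docx": {"zip"}, ".zip": {"zip"},
}

def sniff(path):
    """Return the content type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None

def find_mismatches(root):
    """List (relative path, extension, detected type) where the two disagree."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        ext = p.suffix.lower()
        if not p.is_file() or ext not in EXPECTED:
            continue
        kind = sniff(p)
        if kind not in EXPECTED[ext]:
            hits.append((str(p.relative_to(root)), ext, kind or "unknown"))
    return hits

def build_sample(root):
    """Constructed evidence folder: two honest files and one renamed spreadsheet."""
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32
    root = Path(root)
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    (root / "budget.xls").write_bytes(ole2)
    (root / "holiday.jpg").write_bytes(ole2)  # spreadsheet content, image extension

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for name, ext, kind in find_mismatches(d):
            print(f"{name}: extension {ext} but content looks like {kind}")
```

Run it against a read-only copy or mounted image of the suspect's files rather than the original media.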
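Slide 20 advises checking the amount of data transferred from a particular IP address. The following is an added example, not part of the original deck, that totals outbound bytes per internal host and flags hosts far above the median; the `key=value` log layout, the addresses, and the factor of 100 are assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample log; this layout is hypothetical, not a real product format.
SAMPLE_LOG = """\
2008-10-03T09:12:01 src=10.0.0.15 dst=203.0.113.9 dport=443 bytes_out=18234
2008-10-03T09:13:40 src=10.0.0.15 dst=198.51.100.7 dport=80 bytes_out=5120
2008-10-03T09:14:02 src=10.0.0.22 dst=198.51.100.7 dport=80 bytes_out=7300
2008-10-03T09:20:00 src=10.0.0.22 dst=198.51.100.7 dport=80 bytes_out=n/a
2008-10-03T22:41:17 src=10.0.0.31 dst=203.0.113.50 dport=21 bytes_out=734003200
2008-10-03T23:05:53 src=10.0.0.31 dst=203.0.113.50 dport=21 bytes_out=512000000
2008-10-03T10:02:11 src=10.0.0.40 dst=203.0.113.9 dport=443 bytes_out=40960
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) bytes_out=(\d+)$")

def outbound_totals(log_text):
    """Return (bytes per source IP, destinations per source IP, skipped line count)."""
    totals, dests, skipped = defaultdict(int), defaultdict(set), 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            skipped += 1  # malformed or truncated entry: count it, do not guess
            continue
        src, dst, dport, nbytes = m.groups()
        totals[src] += int(nbytes)
        dests[src].add(f"{dst}:{dport}")
    return dict(totals), dests, skipped

def heavy_senders(log_text, factor=100):
    """Hosts whose outbound total exceeds factor x the median host total."""
    totals, dests, _ = outbound_totals(log_text)
    if not totals:
        return []
    threshold = factor * median(totals.values())
    return [(ip, n, sorted(dests[ip]))
            for ip, n in sorted(totals.items()) if n > threshold]

if __name__ == "__main__":
    for ip, n, where in heavy_senders(SAMPLE_LOG):
        print(f"{ip} sent {n} bytes to {', '.join(where)}")
```

The skipped-line count is returned so that gaps in the log are visible in the examiner's notes instead of being silently dropped.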