How big is your shadow?

Launch night presentation from Digital Shadows at London's Innovation Warehouse, August 3rd 2011.
Digital Shadows protects organisations from targeted attacks by reducing their exposure to hostile reconnaissance.

Published in: Technology, Business
Speaker notes:
  • [Don Tapscott, Wikinomics quotes; The Wisdom of Crowds, Surowiecki; The Long Tail]
  • The majority of security compromises are due to people, not computers. As technical protection improves, we are seeing a shift to attacks masquerading as legitimate communications. Social engineering is critical, and relies on a good knowledge of the target and tailoring the attack to suit.
  • "not for distribution" confidential; inurl:admin; intitle:login
  • April 2011: a targeted cyber attack succeeded in breaching the security firm RSA, at a cost of $66m in this quarter alone. The attackers identified an Adobe Flash vulnerability, located the email addresses and personal details of two HR workers, and sent an attachment labelled "2011 Recruitment Plan".
  • How big is your shadow?

1. How big is your shadow?
   03 August 2011
   The Innovation Warehouse, London
2. Agenda
   - Introductions
   - What is a digital shadow?
   - What are the implications?
   - How do you regain control?
   - Q&A
3. Q: What is a digital shadow?
   A: The trail left by an entity's interactions with the Internet. For an organisation this may include:
   - Technical information, e.g. server names, server locations, software versions
   - Organisation information, e.g. locations, organisation structure, security practices
   - Personal information, e.g. employee movements, friends, interests
4. A real example of a digital shadow
   This visualisation was produced by one of the visualisation tools we use. Each node represents a data item discoverable from the Internet about an organisation.
5. "Sharing is growing at an exponential rate" (Mark Zuckerberg, CEO, Facebook, July 2011)
   - Over 30 billion pieces of content (links, notes, photos, etc.) are shared on Facebook per month [source: Mashable]
   - And it's not just Facebook...
   Chart: sources used for information sharing online
6. It's definitely not just Facebook...
   Source:
7. The evolving Internet is a real force for good
   - We can collaborate and self-organise for the common good
   - Haiti earthquake response: OpenStreetMap was critical in co-ordinating the relief effort
   - Arab Spring: use of social media has been a factor in the social revolution in the Middle East
   - We can share knowledge and experiences in ways hitherto impossible
   We are fully in favour of the social web!
8. Some interesting statistics
   Sources: Sophos, Max Planck Institute, Facebook
   Our own research indicates 72% of employees divulge information online that could be used in a targeted attack.
9. Hostile reconnaissance
   - 90% of the time a hacker spends is conducting reconnaissance (CEH)
   - 200% increase in targeted attacks (Cisco 2011)
   The risks are evolving with the Internet...
10. Risk area: hackers' tools and techniques
    - 1623 Google search terms used to identify sensitive documents, accidental leaks, misconfigured software and much more...
    - Enabled by tools: footprinting and security research tools (example: Paterva Maltego); APIs that attackers use for data mining the social web; specialist search engines now available for vulnerability scanning
11. Risk area: social engineering/coercion
    IT: Hello IT.. Have you tried turning it off and on again?
    Caller: I seem to have forgotten my password! I need to get to my files right now!
    IT: Certainly, I need you to answer a few security questions first.
    Caller: OK, fire away!
    IT: OK Mr Rhenholm, what's your telephone extension?
    Caller: Sure, that's 98-1234
    IT: Date of birth?
    Caller: Ahem, well that's.. 1st April 1970
    IT: Name of line manager?
    Caller: That would be Renholm Snr.
    IT: Thank you Sir, your password is reset. It's £Wednesday1970
    Caller: Thank you! Good bye!
12. Risk area: social engineering/coercion
    - Extension: on a leaked telephone list
    - Line manager: LinkedIn provided the details
    - Date of birth: … provided a birthdate for Mr Manager of East Croydon
    - Attacker later looked at the 'technical shadow' to locate a remote email access point for Reynholm Industries
    - Also, once the password format is known, it's much easier to brute force for other users
13. Risk area: a targeted 'spear phishing' attack
    "The first thing actors like those behind [the attack on RSA] do is seek publicly available information about specific employees – social media sites are always a favorite… You don't bother to just simply hack the organisation and its infrastructure; you focus much more of your attention on hacking the employees" (The RSA blog)
14. Example: Tibetan human rights group attack
    - Organisation information: already obtained?
    - Personal information: already obtained?
    - Technical information: the link would have collected the technical shadow (MS Office, Flash, Adobe Acrobat, browser etc.), which near-guarantees the success of a future attack
    Source:
15. We need a solution...
    So what should be done to address these risks?
16. Five practical steps
    1. Continue existing security programmes ✔
    2. Monitor your shadow
    3. Set helpful guidelines
    4. Clean up your shadow
    5. Know your foe
17. Five practical steps (repeat of slide 16)
18. Our specialist services
    Risk Assessment, VIP Protect and Organisation Monitoring, mapped against steps 1 to 5 (monitor your shadow, set helpful guidelines, clean up your shadow, know your foe)
19. A typical engagement
20. Conclusion
    - Your digital shadow is not benign
    - We can help you regain control
    - This is a job for specialists
    Protecting organisations from hostile reconnaissance and targeted cyber attacks
21. Digital Shadows Ltd
    145-157 St John Street, London, EC1V 4PY, United Kingdom
    +44 (0)208 123 7894
    Digital Shadows Ltd is registered in England and Wales under No: 7637356.
    Registered office: 53 Gildredge Road, Eastbourne, East Sussex, BN21 4SF
    Copyright 2011 Digital Shadows Ltd. ALL RIGHTS RESERVED.