Your SlideShare is downloading. ×
Techy Things lawyers need to know
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Techy Things lawyers need to know

594
views

Published on

A very general introductory presentation for the Law Society on NSW on Internet, Technology and relationship to current criminal and civil law. …

A very general introductory presentation for the Law Society on NSW on Internet, Technology and relationship to current criminal and civil law.

Looks at the fraud ecosystem and the players that make money. From malware, keylogging, phishing, trojans, carders (folks who sell stolen identities), fraud thru to copyright issues and new business models for selling songs and finishing up with workplace policies and acceptable behaviour on social networks.

Published in: Technology, Business

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
594
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
8
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Law Reform Commission’s long awaited report on Australia’s Privacy Laws tabled in Federal Parliament on 11 August 20081. By any measure the ALRC’s report and the work that has gone into it is big. It is 2700 pages long with 74 chapters and 295 recommendations, and by all accounts if you print it all out, it will come in at over 5kg. The original reference was made over 2 and a half years ago and under a different Government. More importantly the ALRC undertook an enormous volume of work to complete this report, including 585 written submissions, 3 major public forums, over 200 hundred face to face meetings, roundtables with stakeholders, and a 2 day phone in, with over 1000 members of the public calling the ALRC to share their opinions.
  • Transcript

    • 1.
      • Hamish Fraser - Partner, Truman Hoyle
      • David Jones – CTO & Founder, ThreatMetrix
      • Did You Know
      Techy things that lawyers need to know
    • 2. If you think that was fast…
      • Hacking and Cybercrime
      • is a war of countermeasures
    • 3. Cybercrime Foodchain (organised, cellular, distributed, technically skilled) ThreatMetrix Confidential Credit: Verisign
    • 4. Cybercrime is mostly dealt with “in the trenches” ????
      • When credit-cards, logins and identities are
      • Stolen and traded - verifying or forensically
      • investigating is time consuming and flawed.
      • Mostly prevention rather than remedy:
      • Local criminals pretending to be Overseas
      • Overseas criminals pretending to be Local
    • 5. Step 1: Get some stolen ID/Card
    • 6. Step 2: Bad Guys hide location with proxies and anonymisers
      • Countermeasure:
      • Reveal True IP and Location
      UTC+2
    • 7. Synthetic Identities generated by Fraudster spoofing IP Transaction Time Threatmetrix Device ID Account Email Browser Lang. Masked IP Add. Masked IP City 8/25/2008 17:24 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 66.79.172.10 New York 8/25/2008 18:17 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 208.77.47.109 New York 8/27/2008 12:57 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 78.129.235.30 Brussels 8/28/2008 12:25 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 208.77.43.80 New York 8/28/2008 19:09 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 204.16.192.197 Los Angeles 9/3/2008 13:33 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 64.32.7.84 Kalispell 9/5/2008 12:24 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 66.79.172.10 New York 9/12/2008 13:08 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 78.129.235.35 Brussels 9/12/2008 13:20 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 205.209.175.5 Los Angeles 9/12/2008 16:48 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 66.79.172.100 New York 9/16/2008 14:33 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 204.16.195.71 New York 9/17/2008 14:19 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 75.126.8.13 New York 9/18/2008 11:59 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 75.126.8.13 New York 9/18/2008 12:56 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 208.101.53.226 New York 9/18/2008 15:02 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 75.126.8.10 New York 9/19/2008 12:38 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 208.101.53.230 New York 9/19/2008 13:25 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 78.129.235.34 Brussels 9/19/2008 18:40 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 208.98.30.90 Kalispell 9/22/2008 16:51 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 208.101.53.227 New York 9/22/2008 17:35 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 75.126.8.13 New York 9/22/2008 19:13 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 75.126.8.13 New York 9/24/2008 17:29 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 66.2228.113.2 New York 9/25/2008 12:45 cf3fad94727611dd800000167e5d5632 [email_address] zh-cn 64.32.7.97 Kalispell One Month Same Device 23 User Names In China Pretending to be in…
    • 8. Botnets: Ultimate Anonymity
    • 9. Botnet: DDOS impact (Distributed Denial of Service, rentable by the hour!)
    • 10. Faking Emails
    • 11. Faking Emails (manual and 5mins work)
    • 12. Faking Emails (or send millions with a Botnet)
    • 13.  
    • 14. Why merchants need “some” info With ThreatMetrix [Fraud Stopped 1 st time] Using old-school “velocity” detection[Fraud stopped on 5 th try] ThreatMetrix Confidential Stop fraud first time by detecting and piercing proxies to discover true location of device Stops Fraud First Time
    • 15. CloudComputing Security
      • PCI – Visa/Mastercard
        • TJMAX, Heartland Breaches
      • PII – Personally Identifiable Information (SSN, DOB, Drivers License, combinations)
      • Problem for data owners:
      • Quite often they are not competent
      • Outsourced Development has risks
      • Zero-day flaws = Its easier to hack than protect (?)
    • 16. Privacy and ALRC
      • Australian Law Reform Commission (ALRC) report in Aug 2008 (after 2 ½ yrs)
      • 2,700 page report making 295 recommendations
      • 2 parts, the easy (18 months) and the hard (no likely time frame)
      • Nothing yet!
    • 17. Not much better in USA
      • CA SB1386 (PII)
      • “ (e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. ”
      • Or not
        • email address?
        • Combinations?
        • EU?
    • 18.
      • Play Channel 7 Video seven.mp4
    • 19.  
    • 20.  
    • 21. Google Buzz: Whats wrong with this picture? BTW, Why can “I” see this?
    • 22. Other ways to offend other laws
      • Twitter
      • Blogs
      • Gaming
      • Web 2.0 (UGC)
      • Defamation
      • Vilification
      • TPA
    • 23.  
    • 24. What issues arise here?
    • 25. Copyright
      • Filesharing
      • iiNet wasn't authorising
      • Lily Allen was offended, but still got it wrong!
      • Google images misconception. Google Books
      • YouTube content
      • General confusion
    • 26.
      • JK Wedding
    • 27. Chris Brown - Forever
      • Song was released in May 2008
      • JK Wedding in July 2009 (43M views – 16M in first 10 days)
      • Got to #6 in iTunes Downloads in July 2009
      • What happened?
    • 28.  
    • 29. Chasing Copyrighted content is tough
      • Digital Checksums/Fingerprints
      • Watermarks
      • Steganography
      • Media manipulation is easy (Shenzhen image touchup sweatshop)
      • Photoshop in dating and outsourcing market (faked DL’s passports and avatars)
    • 30. Questions? (Slides at: http://www.slideshare.net/djinoz )
      • David
      • @djinoz
      • http ://djinoz.com
      • http://www.google.com/profiles/ david.jones
      • Hamish
      • http://www.trumanhoyle.com.au/people.htm
      • http://twitter.com/hkbf
      • http://au.linkedin.com/pub/hamish-fraser/4/9a5/306

    ×