Identity Theft
Identity Theft Presentation at Infosec Cyprus 2007.

  • Great presentation, can U please kindly email me with that presentation... thanx.
  • Based on your slideshow, I have a conclusion... 'nice main idea'. So, can U please kindly email me with that presentation... thx... akhyar.teach@gmail.com
  • Very informative Jorges! Thank you for sharing this with us, Graham
  • Excellent awareness show... congratulations on this professional piece of work Jorge

Identity Theft Presentation Transcript

  • Identity Theft Jorge Sebastião Founder and CEO
  • May 2006 – Veterans Administration laptop with personal information on 26.5M veterans is stolen. “Total losses could top $500M.” – VA Secretary Nicholson
  • Jan 2007 – Hackers stole data from at least 45.7 million credit and debit cards at retailer T.J.Maxx – total costs could exceed $1.0B
  • May 2006 – Ohio University: 137,000 student accounts compromised; CIO, CSO fired
  • More Stats
    • 2007 Breaches (ID Theft Resource Center, as of Oct 2007)
    • Total Breaches: 305
    • Records Exposed: 76,734,967
  • News
  • More sophisticated Attacks
  • What happens when Hackers grow UP? Criminals
  • ATM Attack-1
  • ATM Attack-2?
  • Skimmer
    • Capacity > 2500 credit cards
    • 40 hours of operation
    • Panic button can delete information to avoid prosecution
    • Cost = $500
  • Credit Cards for Sale
  • Identity Theft brokers
  • What Is Identity Theft?
    • Acquisition of key pieces of someone’s identifying information to impersonate them.
    • Includes:
      • Name
      • Address
      • Date of Birth
      • Social Security Number
      • Driver Licenses
      • Student Memberships
      • Mother’s Maiden Name
      • Credit Card Number
      • ATM PINs
      • Bank Account Numbers
  • ID Theft – The old way
    • Stolen wallets + purses
    • Pickpocket
    • Stolen mail (snail mail)
    • “Dumpster Diving” and “Trash Rips”
    • Telephone scams
  • ID Theft – New Way
    • Phishing / Pharming
    • Hijack / Skimming
  • Online Applications Role
    • Online skimming
    • Malware
    • Key loggers
    • Social Engineering
    • Wireless phishing
    • Botnets
    • Spyware
    • 2007 top 5 OWASP attacks:
      • 1. Cross Site Scripting (XSS): XSS flaws occur whenever an application takes user-supplied data and sends it to a web browser without first validating that content.
      • 2. Injection Flaws: Injection occurs when user-supplied data is sent to an interpreter as part of a command or query.
      • 3. Malicious File Execution: Include hostile code and data in file accepted by web application, resulting in devastating attacks, such as total server compromise.
      • 4. Insecure Direct Object Reference: Attackers can manipulate information exposed as a URL or form parameter without authorization.
      • 5. Cross Site Request Forgery (CSRF): Victim's browser sends a pre-authenticated request to a vulnerable web application, which then executes hostile actions in the browser.
  • Social Engineering
  • Social Engineering
    • … 70 percent of those asked said they would reveal their computer passwords for a … bar of chocolate
    • Schrage, Michael. 2005. Retrieved from http://www.technologyreview.com/articles/05/03/issue/review_password.asp?p=1
  • People are the biggest problem?
    • DETER – Deter identity thieves by safeguarding your information
    • DETECT – Detect suspicious activity by routinely monitoring your financial accounts and billing statements
    • DEFEND – Defend against identity theft as soon as you suspect a problem
  • DETER = Protect
    • Shred all documents. Cross shred is preferred.
    • Do not carry extra credit cards.
    • Don’t give personal information over the telephone, or internet.
    • Remove mail promptly from mailbox.
    • Deposit outgoing mail at Post Office.
    • Don’t leave receipts at the point of sale.
    • Memorize PINs, social security numbers, and passwords.
    • Sign all new credit cards.
    • Match receipts to monthly billing statements.
    • Notify Financial Institutions in advance of address changes.
    • Keep your information secure
    • Be alert
      • Mail or bills that don’t arrive
      • Denials of credit for no reason
    • Inspect your credit report
      • Law entitles you to one free report a year from each of the nationwide credit reporting agencies if you ask for it
      • Online: www.AnnualCreditReport.com, by phone: …, or by mail: …
    • Inspect your financial statements
      • Look for charges you didn’t make
  • DEFEND = Respond
    • Place a “Fraud Alert” on your credit reports by calling any one of the three nationwide credit reporting companies:
      • Equifax
      • Experian
      • TransUnion
    • Review reports carefully, looking for fraudulent activity
    • Close accounts that have been tampered with or opened fraudulently
    • File a police report
    • Contact the Federal Trade Commission
  • Online Resources
  • Old ID Systems
    • ID CARD
    • CPR CARD
    • Driving License
  • Replaced by Modern ID Systems
    • Driving License
    • CPR CARD
    • ID CARD
    • Storage chip: all external information is duplicated in the chip, in addition to other data of the combined cards.
    • Encryption
  • Biometrics also victim
  • Banks Credit Card Technological Safeguards
    • Truncation of Account Numbers
    • CISP
    • Verified By Visa
    • Issuers’ Clearinghouse
    • Advanced Authorization
    • CVV
    • Address Verification
    • CVV2
    • Technology Innovations
  • Free Services to customers
  • End User Awareness
  • Questions? [email_address]