Towngas Information Security Week 2013 presentation
Presentation to Towngas employees in the inaugural talk of its 2013 Information Security Week activity

WHY HACKERS HACK?
• For material benefits
• For status
• For vengeance (justice?)
• For fun
• For nothing
• For goodness
Photo from Google
WHAT HACKERS DO
• White hat, black hat
• Targeted or indiscriminate
• Security exploits
• From viruses to malware
• Social engineering: phishing, baiting
• Botnets
• DDoS
• From PC to mobile
DAILY BAD NEWS
IT CAN BE WORSE: STUXNET (2010)
Graphic from IEEE Spectrum
STUXNET
• Targeted critical infrastructure
• State-backed (attributed to American and Israeli intelligence)
• Targeted Iranian nuclear facilities
• Spread via Microsoft Windows: carried into the target network on infected USB sticks, then from machine to machine across the local network
• Targeted Siemens industrial control systems (the Step7 software and the S7 PLCs it programs), taking over the control and monitoring of these systems
WHO IS HE? (Edward Snowden)
• Born June 21, 1983
• High school dropout
• Worked for the NSA, then the CIA, then employed by subcontractor Booz Allen Hamilton, working at the NSA again
• Salary: roughly US$200,000 ("took a pay cut to get back in NSA")
• Lived in Hawaii before coming to Hong Kong on May 20, 2013
• Left Hong Kong on June 23, 2013 for Moscow, Russia
FIRST, IT WAS VERIZON…
• First revealed by the Guardian (UK): a secret court order under FISA (Foreign Intelligence Surveillance Act) compelled Verizon to hand the NSA the call records (metadata such as numbers dialled, times and durations, not call content) of all calls on its network, on an ongoing daily basis
• Is it "legal"?
AND THEN, THERE WAS PRISM
• A "clandestine mass electronic surveillance data mining program" running since 2007, after the passage of the "Protect America Act" under the Bush administration
• PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic acquired under FISA section 702 authority
MORE OF SNOWDEN'S REVELATIONS
• More secret programs to be revealed…
• 4 surveillance programs (US):
  • MAINWAY
  • MARINA
  • NUCLEON
  • PRISM
• Collecting and analyzing metadata and content from the Internet (e.g. emails) and telecom networks (e.g. call logs)
• Other programs since disclosed:
  • Evil Olive: broadening the scope of data collection
  • Shell Trumpet: another similar program revealed
• The EU and its allies were among the top targets
WHAT ABOUT OTHER COUNTRIES?
• Britain: Tempora (sharing information with the US)
• France: "collects signals from devices in France, and communications abroad"
• Germany: providing intercepted data to the NSA
• Russia: SORM, another surveillance program
• China?
• Others?
SNOWDEN ON HONG KONG
• Why did he choose to come to Hong Kong?
• He told the SCMP:
  • Hacking into computers/servers in HK and China
  • At least several hundred times (>61,000 times globally)
  • Universities, public officials, students, businesses
  • Undersea cables
WORK IN COUNCIL
- June 15: rally outside the US Consulate General (USCG)
- June 19: follow-up on urgent oral question; amendment passed on "building a safe city"; adjournment motion debate on cyber security
- Letter to the Chief Executive (CE), the Security Bureau and the Privacy Commissioner for Personal Data (PCPD)
- June 26: written question on the government's response
- Forum on infosec with security professionals
- July 17: amendment on motion debate
THE DEMANDS
• Seeking a response from the US government
• HKSARG sent a letter to the US government on June 21; no answer
• Concrete measures to improve the information security practices and awareness of local users and SMEs
• Revive the Interdepartmental Working Group on Computer-Related Crime to review and propose new cross-departmental measures
GOVERNMENT'S RESPONSE
• No problem, it's all fine: "we are not aware of any problems"
• Repeating:
  • OGCIO's (Office of the Government Chief Information Officer) infosec website
  • HKCERT
  • Police's Cyber Security Center
• Interdepartmental WG on cyber security? No.
• Everything is fine. Really.
Why focus only on politicizing the issue?
Original article: 《天下烏鴉一般黑 — 如何平衡國家安全、個人私隱和通訊自由》 (All crows are equally black: how to balance national security, personal privacy and freedom of communication)
http://rthk.hk/mediadigest/20130715_76_123001.html
What are the implications?
WHAT NEXT?
• The US or other governments can view almost everything they want
• Can we still trust the Internet and cloud computing?
• Brazil's President is pushing new legislation to force Internet providers to store data gathered in Brazil locally
• But is it practicable?
(Photo: Brazilian President Dilma Rousseff)
IS FISA JUST AND FAIR?
FISA (Foreign Intelligence Surveillance Act)
• Enacted in 1978 and repeatedly expanded after the 9/11 attacks
• Said to be for monitoring foreign threats to the US
• But in practice it allows surveillance of people around the world, and even of Americans
IS FISA JUST AND FAIR?
• The United Nations Human Rights Council recently discussed regulating surveillance technology used against people worldwide
• Suggested advancing international human rights obligations on privacy
WHAT SHOULD WE DO?
• World-class information security capabilities in HK
• Highest density of CISSPs in the world
• SMEs and individuals do not appreciate the importance of information security
• Education
• Protection from "basic hacking" as a start
• Set targets to reduce botnets?
• Legal or regulatory measures?
Charles Mok
Legislative Councillor (Information Technology)
charles@charlesmok.hk
www.charlesmok.hk
Facebook: Charles Mok B
Twitter: @charlesmok
