Chicago threatquartets
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Chicago threatquartets

on

  • 158 views

 

Statistics

Views

Total Views
158
Views on SlideShare
158
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Chicago threatquartets Document Transcript

  • 1. Class Threat Vulnerability Threat-Source Threat Action People Unauthorized rights to access and possibly modify or delete sensitive company data. Weak password, either by poor design (birthday, "password," etc.) or by writing down the password by the access terminal. Unauthorized users, including hackers, crackers, computer criminals, terrorists, disgruntled or terminated employees, representatives of competing companies or foreign governments. A representative of a competing company cracks the account of a senior employee that set his password as his social-security number. This allows the competing company to gain competitive advantage by accessing sensitive company information and possibly by modifying or deleting company data. People Inadvertent modification or deletion of sensitive company data or users. Numerous users are given Admin privileges on the network. Company employees with access to sensitive data beyond what they need to know for their position and pay grade. A secretary of the company has full access to company records due to poor user access control. One day, the secretary accidently saves a recipe spreadsheet with the same name and file path as an important company document, leading to next quarter's cost/benefits decision making matrix to be deleted. People Unauthorized rights to access and possibly modify or delete sensitive company data. The access privileges of former employees are not revoked in a timely manner. Former employees. After being passed over for a promotion, a high- level company employee quits and accepts a position with a competing Chicago-based firm. During out processing, the company did not revoke the access privileges (or collect the smart card) of this employee. After starting with the new firm, the former employee accessed classified company information and passed it to the competing firm for competitive market advantage. People Infection of Company computer resources with viruses, worms, or Trojan horses. Employees connect to the company network using their personal laptop computers. Primarily, the threat-source is the employees that use their personal laptops at work. Secondarily, the threat-source is any unauthorized users, hackers, crackers, computer criminals, terrorists, or disgruntled or terminated employees, representatives of competing companies or foreign governments that use this vulnerability to their advantage An employee brings a personal laptop running Windows Millennium Edition (ME) and Internet Explorer 6 to work. This machine lacks proper anti-virus software and neither the operating system nor the client-side applications have been updated. Because of these vulnerabilities, the personal laptop is infected with viruses, worms, or Trojan horses. The employee connects the laptop to the company network with an Ethernet cable, and through the course of the work day, the viruses, worms, and Trojan horses spread to company equipment. Data Loss of important company data. The back-up of critical data is not up- to-date The threat-source includes any activity that could wipe the data from its current means of storage. This could be through device failure, intentional or inadvertent deletion. This could also include unauthorized modification of company data or the compromise of data through virus, worm, Trojan horse infection. The data server that stores the company database of sales figures fails due to a power surge. All SQL scripts and backups since 2005 were stored on the server as well, so they were lost. The IT staff reconstruct the database circa 2005, but all data from 2005 to the present was lost. Data Leaks of sensitive company information Company staff store confidential client information on their personal computers Unauthorized users, including hackers, crackers, computer criminals, terrorists, disgruntled or terminated employees, representatives of competing companies or foreign governments A hipster-esque company employee brings his MacBook Pro to a coffee shop in Wicker Park. During a mix-up, a local Hipster takes the employee's MacBook Pro by mistake (all hipsters have identical nearly-identical MacBooks). When the hipster gets home, he notices that the company has confidential data on Chicago-area businessmen, and he decides to send the data to WikiLeaks. Data Leaks of sensitive company information The company does not have protocols set for the destruction of paper documents or computer hard drives that contain important company information. Unauthorized users, representative of competing companies and foreign governments. While picking up trash from the company's headquarters, a Chicago sanitation worker notices a manillia folder in the trash containing confidential financial reports on the company. Realizing the value of this information, the sanitation worker sells the information to a local hedge fund manager for $5,000. The hedge fund sells all company stock prior to disclosure of a record-setting quarterly loss.
  • 2. Data Destruction of company data The company has not set proper permissions for the SQL account associated with an HTML front-end Hackers, crackers, computer criminals A cracker accesses the company web site and visits a page that includes a HTML form that interacts with the company's SQL back-end. In the box that allows a customer to enter their ID number, the criminal injects a SQL command to drop a table. As a result, an important table from the company database is deleted. Technology Disruption of the confidentiality, integrity or availability of company data. Client-side application software is unpatched. Unauthorized users, including hackers, crackers, computer criminals, terrorists, disgruntled or terminated employees, representatives of competing companies or foreign governments Although the company IT staff is diligent about making sure that the Windows OS is fully updated to close potential vulnerabilities, various client-side applications, including Adobe PDF Reader, QuickTime, and Adobe Flash are not up-to-date, allowing unauthorized users to exploit vulnerabilities in these pieces of software to disrupt the confidentiality, integrity, and availability of company data. Technology Disruption of the confidentiality, integrity or availability of company data. The backend validation script of the company's web portal tells the user if the username is correct or not. Unauthorized users, including hackers, crackers, computer criminals, terrorists, disgruntled or terminated employees, representatives of competing companies or foreign governments A competing firm in Green Bay hires several personnel to conduct industrial espionage on the company. The agents access the log in screen for the company's web site. They repeated enter guesses for user names, which repeated causes the underlying validation script to return "this username is not in the system." Eventually, they are returned "the password is incorrect," signaling to them that they have identified a valid user name. They then use a bot to repeatedly try different variations of common passwords. Eventually, the agents crack the user's account, allowing them access to select company resources. Technology The end-users cannot access the company's website The company's web server lacks protection against Denial-of-service attacks, either through firewalls, routers, or software suites. Hackers, crackers, computer criminals A cracker overwhelms the company's web server with a "ping flood" by running a client that repeatedly pings the web server. Because of this attack, the resources of the web server are fully consumed trying to resolve all the ping requests, making the company's web site inaccessible to end-users. Technology The employees are unable to access the company's wireless network. The company's wireless router is unsecured and still has the default configuration user name and password Unauthorized users, including hackers, crackers, computer criminals, terrorists, disgruntled or terminated employees, representatives of competing companies or foreign governments On "Bring your kids to work day," the VP of the company brings his teenage son to work to teach him the value of hard work. The son is frustrated with his father because he had a World of Warcraft session planned with his friends. In retaliation, the son discovers the unprotected company wireless Linksys router. After googleing the default user name and password for that particular router, he changes the name and password of the wireless network, cutting off employees from accessing the company network with their laptops. Facilities Destruction of company property and loss of data. The data center is located in the basement of a skyscraper next to the Chicago River. Torrential rain, Lake Michigan, the Chicago River, and other local bodies of water. Unusual rainfall and winds cause the water level of the Chicago River to rise above its banks and flood the streets of Chicago. The water leaks through the cracks around the doors of the building lobby and gradually pool on the ground floor. Eventually, the water reaches the elevator shaft or stairway to the basement, and the basement begins to flood. The servers and electronic equipment of the company's data center become fried and data is lost.
  • 3. Facilities Destruction of company property and loss of data. The data center is not protected by a fire-suppression system. Any fire, either starting in the datacenter, in the building housing the data center, or in a nearby building during a windy Chicago day. During a hot and windy Chicago summer day, a fire starts in a nearby factory. Due to the high winds, the fire spreads to the building that houses the company's data center. Although the fire department responds quickly, the fire destroys all company equipment and data. A fire-suppression system would have protected the equipment long enough for a proper response from the timely and professional Chicago Fire Department. Facilities Loss of company data and potential damage to an important server. An important server in the data center is not connected to an uninterruptable power supply (UPS). A transient fault, brownout, or black out leading to either short-term or long-term power failure. Overuse of A/C during a hot summer Chicago day overwhelms the power capacity of the Chicagoland area, and power is lost to the server. Because there is no UPS hooked up to the server, the machine immediately goes dead, losing critical data and threatening damage by failure to undergo proper shut- down procedures. Facilities Destruction of company property and loss of data. Although most office equipment is hooked up to surge protectors, several company laptops are directly to a wall outlet without a surge protector. Lightning strikes, power outages, short circuits, malfunctions by the power company, electromagnetic spikes, or any other factor leading to a voltage spike. During a summer thunderstorm, a bolt of lightning hits a nearby power transformer, leading to a voltage spike in nearby power lines. The high voltage travels through the power system and into the office building. The surge protectors block the voltage spike from traveling into most of the office equipment, but the company's new expensive laptops are completely fried, destroying all components and shorting all data.