The document discusses privacy and cybercrime. It notes that identity theft is the fastest growing crime in America, with 9.9 million victims reported last year. It introduces Mari J. Frank, an identity theft survivor and author of a book providing guidance to victims on ending the nightmare of identity theft. Contact information is provided for two websites on identity theft run by the federal government.
2. Center for Information Assurance and Cybersecurity (CIAC)
The Center for Information Assurance and Cybersecurity (CIAC) at the University of Washington integrates industry, academia and the Pacific Northwest community to promote multi-disciplined, regional collaboration, produce innovative research directions and educational programs, and develop information assurance professionals at all levels who are well-prepared to contend with the dynamics of the Information Age.
3. Dr. Barbara Endicott-Popovsky
Department Fellow, Aberystwyth University
Director, Center for Information Assurance and Cybersecurity, University of Washington
Academic Director, Master of Infrastructure Planning and Management
Research Associate Professor, University of Washington Information School
email: endicott@uw.edu
Office: Suite 400 RCB
Phone: 206-284-6123
Website: http://faculty.washington.edu/endicott
Barbara Endicott-Popovsky, Ph.D., is Director for the Center of Information Assurance and Cybersecurity at the University
of Washington, designated by the NSA as a Center for Academic Excellence in Information Assurance Education and
Research, Academic Director for the Masters in Infrastructure Planning and Management in the Urban Planning
Department of the School of Built Environments and holds an appointment as Research Associate Professor with the
Information School. Her academic career follows a 20-year career in industry marked by executive and consulting positions
in IT architecture and project management.
Her research interests include enterprise-wide information systems security and compliance management, forensic-ready
networks, the science of digital forensics and secure coding practices. For her work in the relevance of archival sciences to
digital forensics, she is a member of the American Academy of Forensic Scientists. Barbara earned her Ph.D. in Computer
Science/Computer Security from the University of Idaho (2007), and holds a Masters of Science in Information Systems
Engineering from Seattle Pacific University (1987), a Masters in Business Administration from the University of Washington
(1985) and a Bachelor of Arts from the University of Pittsburgh.
5. Agricultural Age, Industrial Age, Information Age

| Attribute | Agricultural Age | Industrial Age | Information Age |
|---|---|---|---|
| Wealth | Land | Capital | Knowledge |
| Advancement | Conquest | Invention | Paradigm Shifts |
| Time | Sun/Seasons | Factory Whistle | Time Zones |
| Workplace | Farm | Capital equipment | Networks |
| Organization Structure | Family | Corporation | Collaborations |
| Tools | Plow | Machines | Computers |
| Problem-solving | Self | Delegation | Integration |
| Knowledge | Generalized | Specialized | Interdisciplinary |
| Learning | Self-taught | Classroom | Online |
6. Our Love Affair with the Internet
“Docs Embracing Internet”
“US Internet Users Embrace Digital Imaging”
“Baby Boomers Embracing Mobile Technology”
16. Cyber Attack Sophistication Continues To Evolve
Source: CERT 2004
[Figure: attack sophistication plotted against intruder knowledge (attackers' technical skills), each on a High to Low scale, over 1980, 1985, 1990, 1995, 2000+. Techniques and tools labeled on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, GUI, automated probes/scans, sweepers, www attacks, sniffers, packet spoofing, denial of service, distributed attack tools, staged attack, “stealth” / advanced scanning techniques, cross site scripting, bots.]
17. Cybercrime and Money…
• McAfee CEO: “Cybercrime has become a
$105B business that now surpasses the value
of the illegal drug trade worldwide”
18. Symantec Internet Security Threat Report
– Threat landscape is more dynamic than ever
– Attackers rapidly adapting new techniques and
strategies to circumvent new security measures
– Today’s Threat Landscape..
• Increased professionalism and commercialization of
malicious activities
• Threats tailored for specific regions
• Increasing numbers of multi-staged attacks
• Attackers targeting victims by first exploiting trusted
entities
• Convergence of attack methods
19. “If the Internet were a street, I wouldn’t
walk it in daytime…” K. Bailey, CISO UW
• 75% of traffic is malicious
• Unprotected computer infected in < 1 minute
• Organized crime makes more money on the Internet
than through drugs
• The ‘take’ from the Internet doubles e-commerce
Courtesy: FBI, LE
21. Electronic voting outlawed in Ireland, Michael
Flatley DVDs okay for now
by Tim Stevens posted Apr 28th 2009 at 7:23AM
Yes, it's another international blow for electronic voting. We've seen the things proven to be insecure, illegal,
and, most recently, unconstitutional. Now the Emerald Isle is taking a similar step, scrapping an e-voting
network that has cost €51 million to develop (about $66 million) in favor of good 'ol paper ballots. With that
crisis averted Irish politicians can get back to what they do best: blaming each other for wasting €51 million
in taxpayer money.
http://www.engadget.com/2009/04/28/electronic-voting-outlawed-in-ireland-michael-flatley-dvds-okay/
22. July 31, 2009, 12:34 pm
Student Fined $675,000 in Downloading Case
By Dave Itzkoff
Bizuayehu Tesfaye/Associated Press Joel Tenenbaum was found
liable for copyright violations in a trial in Boston.
Updated | 7:03 p.m. A jury decided Friday that a Boston University student should pay
$675,000 to four record labels for illegally downloading and sharing music, The Associated
Press reported.
A judge ruled that Joel Tenenbaum, 25, who admitted to downloading more than 800 songs from
the Internet between 1999 and 2007 did so in violation of copyright laws and is liable for
damages. Mr. Tenenbaum testified Thursday in federal district court in Boston that he had
downloaded and shared hundreds of songs by artists including Nirvana, Green Day and the
Smashing Pumpkins, and said that he had lied in pretrial depositions when he said that friends or
siblings may have downloaded the songs to his computer. The record labels involved in the case
have focused on only 30 of the songs that Mr. Tenenbaum downloaded. Under federal law they
were entitled to $750 to $30,000 per infringement, but the jury could have raised that to as much
as $150,000 per track if it found the infringements were willful. In arguments on Friday, The
A.P. reported, a lawyer for Mr. Tenenbaum urged a jury to “send a message” to the music
industry by awarding only minimal damages.
http://artsbeat.blogs.nytimes.com/2009/07/31/judge-rules-student-is-liable-in-music-download-case/
23. Majority think outsourcing threatens
network security
Angela Moscaritolo
September 29, 2009
A majority of IT security professionals believe that outsourcing technology jobs to offshore
locations has a negative impact on network security, according to a survey released Tuesday.
In the survey of 350 IT managers and network administrators concerned with computer and
network security at their organizations, 69 percent of respondents said they believe outsourcing
negatively impacts network security, nine percent said it had a positive impact and 22 percent said it
had no impact.
The survey, conducted this month by Amplitude Research and commissioned by VanDyke
Software, a provider of secure file transfer solutions, found that 29 percent of respondents'
employers outsource technology jobs to India, China and other locations.
Of those respondents whose companies outsource technology jobs, half said that they believe
doing so has had a negative impact on network security.
Sixty-one percent of respondents whose companies outsource technology jobs also said their
organization experienced an unauthorized intrusion. In contrast, just 35 percent of those whose
company does not outsource did. However, the survey noted that organizations that do
outsource were “significantly” more likely than those that do not to report intrusions.
“We're not going to say we have any proven cause and effect,” Steve Birnkrant, CEO of
Amplitude Research, told SCMagazineUS.com on Tuesday. “Correlation doesn't prove
causation, but it's definitely intriguing that the companies that outsource jobs offshore are more
likely to report unauthorized intrusions.”
In a separate survey released last December from Lumension Security and the Ponemon
Institute, IT security professionals said that outsourcing would be the biggest cybersecurity
threat of 2009.
In light of the recession, companies are outsourcing to reduce costs, but the practice opens
organizations up to the threat of sensitive or confidential information not being properly
protected, and unauthorized parties gaining access to private files, the survey concluded.
In contrast to their overall views about the impact that outsourcing has on network security,
Amplitude/VanDyke Software survey respondents were largely positive about the impact of
outside security audits. Seventy-two percent of respondents whose companies paid for outside
audits said they were worthwhile investments and 54 percent said they resulted in the discovery
of significant security problems.
http://www.scmagazineus.com/Majority-think-outsourcing-threatens-network-security/article/150955/
24. Connecticut drops felony charges against Julie Amero, four years
after her arrest
By Rick Green on November 21, 2008 5:16 PM
The unbelievable story of Julie Amero concluded quietly Friday afternoon at Superior Court in Norwich,
with the state of Connecticut dropping four felony pornography charges.
Amero agreed to plead guilty to a single charge of disorderly
conduct, a misdemeanor. Amero, who has been
hospitalized and suffers from declining health, also
surrendered her teaching license.
"Oh honey, it's over. I feel wonderful," Amero, 41, said a few
minutes after accepting the deal where she also had to
surrender her teaching license. "The Norwich police made a
mistake. It was proven. That makes me feel like I'm on top
of the world."
In June of 2007, Judge Hillary B. Strackbein tossed out
Amero's conviction on charges that she intentionally caused
a stream of "pop-up" pornography on the computer in her classroom and allowed students to view it.
Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the
conviction was based on "erroneous" and "false information."
But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a
mistake may have been made -- even after computer experts from around the country demonstrated that
Amero's computer had been infected by "spyware."
New London County State's Attorney Michael Regan told me late Friday the state remained convinced Amero
was guilty and was prepared to again go to trial.
"I have no regrets. Things took a course that was unplanned. Unfortunately the computer wasn't examined
properly by the Norwich police," Regan said.
"For some reason this case caught the media's attention,'' Regan said.
The case also caught the attention of computer security experts from California to Florida, who read about
Amero's conviction on Internet news sites. Recognizing the classic signs of a computer infected by malicious
adware, volunteers examined computer records and the hard drive and determined that Amero was not
responsible for the pornographic stream on her computer.
The state never conducted a forensic examination of the hard drive and instead relied on the expertise of a
Norwich detective, with limited computer experience. Experts working for Amero ridiculed the state's
evidence, saying it was a classic case of spyware seizing control of the computer. Other experts also said
that Amero's response -- she failed to turn off the computer -- was not unusual in cases like this.
Among other things, the security experts found that the Norwich school system had failed to properly
update software that would have blocked the pornography in the first place.
http://blogs.courant.com/rick_green/2008/11/connecticut-drops-felony-charg.html
29. Security and Privacy: Two Faces of the Same Coin
Security: Outward Facing
Privacy: Inward Facing
30. Information System Security Revolution
[Figure: timeline of eras: Computer Security (1960-1980), INFOSEC (1985), Information Assurance (1995 -), shown over a network diagram labeled Packet Switch, Bridge, File Server, Gateway, Other Networks.]
31. The Castle Approach: Defense in Depth
• Perimeter defense: firewalls
• Layered defense: AV, IDS, IPS
[Graphic label: Protect your data]
• However, these aren’t working!
32. Trusting Controls Assumes:
• Design implements your goals
• Sum total of controls implement all goals
• Implementation is correct
• Installation/administration are correct
33. Bottom line assumption:
You Will Never Own a Perfectly
Secure System!!!
34. Individual Strategy
• Awareness of the threat
• Layered Defense on your home computer
– Multiple tools
– Patch program
– Upgrade
• Implement privacy options in social media
• Be deliberate about where your data resides
• Think like a “bad guy!”
• Limit your children’s access
35. Kid Nation
• Kids know technology better than adults
• More prone to commit cyber crime
• Plagiarism sites
• Music downloads
• Disrespect for IP
• Cyberbullying
• Blind trust online
• Need for cyberethics training
38. Identity-Theft is the fastest growing crime in America; 9.9 MILLION victims were
reported last year, according to a Federal Trade Commission survey!
Mari J. Frank, Esq. is a survivor of identity theft, and the author of the book
From Victim to Victor; A Step-by-Step Guide For Ending The Nightmare Of
Identity Theft.
http://www.identitytheft.org/
http://www.identitytheft.gov/