Jameel Nabbo Cyber Security conference

1. CYBER SECURITY SECURITY IN MY DNA BY JAMEEL NABBO WWW.JAMEELNABBO.COM

2. WHAT IS SECURITY! Ø Security is the degree of resistance to, or protection from, harm. Ø It is the state of being free from danger or threat.

3. OVERVIEW OF HACKING v Hack examine something very minutely The rapid crafting of new program or the making of changes to existing, usually complicated software v Hacker The person who hacks v Cracker System intruder/ destroyer

4. A BRIEF HISTORY OF HACKING

5. A BRIEF HISTORY OF HACKING Ø 2011 The Canadian government has revealed in news sources that they became a victim of cyber attacks in February 2011 from foreign hackers with IP addresses from China. These hackers were able to infiltrate three departments within the Canadian government and transmitted classified information back to themselves. Canada eventually cut off the internet access of the three departments in order to cut off the transmission towards China.

6. A BRIEF HISTORY OF HACKING Ø 2001 In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. Ø 2007 Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three minutes from 250 customer account.

7. A BRIEF HISTORY OF HACKING 2014 A White House computer network has been breached by hackers, it has been reported. The unclassified Executive Office of the President network was attacked, according to the Washington Post. US authorities are reported to be investigating the breach, which was reported to officials by an ally of the US, sources said. White House officials believe the attack was state-sponsored but are not saying what - if any - data was taken. In a statement to the AFP news agency, the White House said "some elements of the unclassified network" had been affected.

8. A BRIEF HISTORY OF HACKING Ø 2016 Banks globally face a growing threat from cyber attacks, more of which have succeeded since February's $81 million heist from the Bangladesh central bank. Ø 2016 Hackers targeted Turkey's Akbank via the SWIFT global money transfer system in an attack which the bank said had not compromised customer data but would cost it up to $4 million.

9. HACKER AND ETHICAL HACKER v Hacker Access computer system or network without authorization Breaks the law v Ethical hacker Performs most of the same activities but with owner’s permission Employed by companies to perform Penetration Tests

10. TYPES OF HACKERS Ø White Hat Hacker -> ME J • Good guys • Don’t use their skill for illegal purpose • Computer security experts and help to protect from Black Hats. ØBlack Hat Hacker Bad guys • Use their skill maliciously for personal gain • Hack banks, steal credit cards and deface websites Ø Grey Hat Hacker • It is a combination of White hat n Black Hat Hackers • Goal of grey hat hackers is to provide national security

11. FAMOUS HACKERS IN HISTORY Ian Murphy Kevin Mitnick Johan Helsinguis Mark Abene Robert MorrisLinus Torvalds

12. HACKING PROCESS Scanning Enumeration Attack and Gaining Access Escalating Privilege, Covering Tracks and Creating Backdoors

13. GENERAL HACKING METHODS A typical attacker works in the following manner: • Identify the target system. • Gathering Information on the target system. • Finding a possible loophole in the target system. • Exploiting this loophole using exploit code. • Removing all traces from the log files and escaping without a trace.

14. TYPES OF ATTACK ØThere are an endless number of attacks, which a system administrator has to protect his system from. However, the most common ones are: ü Denial of Services attacks (DOS Attacks) ü Threat from Sniffing and Key Logging ü Trojan Attacks ü IP Spoofing ü Buffer Overflows ü All other types of Attacks

15. MILLIONS OF VICTIMS EVERYDAY

16. LIVE EXAMPLE http://www.effecthacking.com/2015/04/dsploit-android-app-for-hackers.html dSploit is a penetration testing suite developed by Simone Margaritelli for the Android operating system. It consists of several modules that are capable to perform network security assessments on wireless networks. It allows you to perform tasks such as, network mapping, vulnerability scanning, password cracking, Man-In-The-Middle attacks and many more.