File000155
- 2. EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Hacker Accesses UF Dental Patient Data
Source: http://www.gatorsports.com/
By Nathan Crabbe
Published: Thursday, November 13, 2008 at 6:01 a.m.
A hacker accessed a University of Florida College of Dentistry computer server containing personal information of more
than 344,000 current and former dental patients, UF announced Wednesday.
The information included names, addresses, birth dates, Social Security numbers and dental procedure information for
patients dating back to 1990. College staff members discovered the breach Oct. 3 while upgrading the server, finding that
unauthorized software had been installed on it from a location outside the university.
UF officials have no evidence at this time that the hacker used the information for fraudulent purposes, said Melanie Fridl
Ross, a spokeswoman for UF's Health Science Center.
"It's sort of like someone coming home and finding that their door is open, but it's unclear if any valuables have been taken,"
she said.
FBI and University Police officers are investigating. Letters were mailed Monday to alert 336,234 patients about the breach.
The university is seeking addresses for another 8,248 patients with data on the server.
A hot line, 1-866-783-5883, has been established for patient questions. Patients can call the hot line to find out exactly what
information was contained on the server, Ross said.
College of Dentistry Dean Teresa Dolan said the college keeps electronic records of dental procedures, but not on
medications or chronic illnesses.
The breach involved patient information from the college's clinics on the main UF campus, the east side of Gainesville, and
in Hialeah and Jacksonville, she said.
Medical identity theft is a growing problem, said Paul Stephens, director of policy and advocacy for the San Diego-based
nonprofit Privacy Rights Clearinghouse.
- 3. EC-Council
News: Extortion Used in Prescription Data Breach
Source: http://www.washingtonpost.com/
FBI Investigating Threat Against Express Scripts Customers
By Brian Krebs
Saturday, November 8, 2008; Page D01
One of the nation's largest processors of pharmacy prescriptions said this week that extortionists are threatening to disclose
personal and medical information about millions of Americans if the company fails to meet payment demands.
St. Louis-based Express Scripts said Thursday that in early October it received a letter that included the names, birth dates,
Social Security numbers and, in some cases, prescription data on 75 of its customers. The authors threatened to expose
millions of consumer records if the company declined to pay up, Express Scripts said in a statement.
Chief executive George Paz said in the statement that Express Scripts has no intention of paying and that his company is
working with the FBI to track down those responsible for the scam.
Express Scripts is the third-largest U.S. pharmacy benefit management firm, which processes and pays prescription drug
claims. Working with more than 1,600 companies, it handles roughly 500 million prescriptions a year for about 50 million
Americans.
Express Scripts has notified its clients of the threat. Fairfax County Public Schools yesterday sent a letter to employees alerting
health-plan participants who use Express Scripts to the breach.
"FCPS is deeply concerned about this kind of breach, which could adversely affect our employees," Superintendent Jack D.
Dale said in the letter. "We expect and deserve the highest level of security when we entrust our vendors to handle our
employees' personal information."
The letter was delivered by mail, said company spokesman Steve Littlejohn. He declined to say how much money the
extortionists were demanding. He added that the company is trying to determine how the data were stolen.
"We know where the data came from by looking at it, but precisely how it was accessed is still part of the investigation,"
Littlejohn said.
- 4. EC-Council
Module Objective
This module will familiarize you with:
• How Computer Data Breaches Occur
• Investigating the Local Machine
• Investigating the Network
• Countermeasures
- 5. EC-Council
Module Flow
How Computer Data Breaches Occur
Investigating the Local Machine
Investigating the Network
Countermeasures
- 7. EC-Council
Using the External Memory Devices
Data can be stolen using external memory devices
External memory devices are available with a capacity of 64 MB to 250 GB
USB ports are used to transfer the data
External hard disks can be used to copy the complete hard disk data
CDs/DVDs are used to burn the important data
- 8. EC-Council
Using the Internet
The Internet is used for the breaches listed below:
• Sending files through email
• Sharing files through webhosting services
• Uploading files to FTP servers
• Transferring files using IMs
- 9. EC-Council
Using Cell Phones and iPods
Mobile phones come with external memory that can store up to 32 GB of data
Data can be carried using such mobile phones
iPods are also used to carry important files
- 10. EC-Council
Using Malware
Malware includes computer viruses, worms, Trojan horses, rootkits, spyware, dishonest adware, and other malicious and unwanted software
Trojans and rootkits are used to steal sensitive data
Using malware, attackers can gain access to the victim’s system and access it remotely
- 11. EC-Council
Other Techniques
Cryptography and Steganography techniques:
• These techniques can be used to encrypt the information and hide the communication so that it becomes difficult to detect data leakage
Changing the file extension types:
• Attackers or insiders may change the file extensions so that the data files may appear to be some other type of file, for example a .xls extension may be changed to a .jpg extension to hide the data theft
- 12. EC-Council
Investigating Local Machine
- 13. EC-Council
Check the Registry Editor
The Registry Editor should be checked for any external memory devices used
Tools such as USBDeview and MyUSBOnly can be used to check the name, date, and time of external memory devices used
- 14. EC-Council
Check for CD/DVD Burning Software
Check the local machine for any CD/DVD burning software installed
Check for the recent projects in such software
Collect information such as the data burnt, the time, and the user
- 15. EC-Council
Check for Browsing History
Web browsers are a vital key for interacting with the Internet
Check the local machine’s browsing history
The cache may contain temporary web page files
Cookies contain a stored database session or some other piece of information
The ‘Cookie Viewer’ tool discovers the information that web sites store on the user’s computer
- 16. EC-Council
Check the Downloads
Check the local machine’s download history to see whether the user has downloaded any FTP clients, IMs, or any other software
The browsing and download history reveals information about the FTP clients, web hosting services, and IMs
- 17. EC-Council
Check the Email History
Check for suspicious mail in sent mail history
Check the attachments of such emails
Check the trash for the deleted files
- 18. EC-Council
Check for Suspicious Software
Check the local machine for any mobile drivers installed
Check for any data encryption, cryptography, and steganography software
Magic Lantern software allows agents to decode the hard-to-break encrypted data of criminal suspects
- 20. EC-Council
Check the Firewall
Check the firewall where individual browsing details are logged
• Sites visited
• Downloads
Check the amount of data transferred from a particular IP address
Check the router logs
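To check the amount of data transferred from a particular IP address, an examiner can total the bytes each internal host sent to outside destinations and read the outliers first. This is an added example, not part of the original slides; the key=value log format, the `10.0.0.0/8` internal range, the 1 GiB threshold and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2008-10-01T09:12:01 action=allow src=10.0.4.17 dst=203.0.113.20 dport=21 sent=734003200
2008-10-01T09:13:44 action=allow src=10.0.4.22 dst=203.0.113.80 dport=80 sent=18200
2008-10-01T09:15:02 action=allow src=10.0.4.17 dst=203.0.113.20 dport=21 sent=524288000
2008-10-01T09:16:30 action=allow src=10.0.4.22 dst=10.0.1.5 dport=445 sent=900000000
2008-10-01T09:17:10 action=deny src=10.0.4.31 dst=198.51.100.9 dport=25 sent=0
malformed line without fields
"""

def parse_line(line):
    """Return the fields needed for the tally, or None if the line is unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    try:
        return {
            "action": fields["action"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "sent": int(fields["sent"]),
        }
    except (KeyError, ValueError):
        return None

def outbound_totals(log_text):
    """Sum bytes sent by each internal host to destinations outside INTERNAL."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow":
            continue
        if rec["src"] in INTERNAL and rec["dst"] not in INTERNAL:
            totals[str(rec["src"])] += rec["sent"]
    # Largest senders first, so the outliers are at the top of the report.
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def flag_hosts(log_text, threshold_bytes):
    """Hosts whose outbound total exceeds the examiner-chosen threshold."""
    return [ip for ip, total in outbound_totals(log_text) if total > threshold_bytes]

if __name__ == "__main__":
    for ip, total in outbound_totals(SAMPLE_LOG):
        print(f"{ip:15} {total / 2**20:10.1f} MiB sent outside")
    print("over 1 GiB:", flag_hosts(SAMPLE_LOG, 2**30))
```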
- 21. EC-Council
Check the Mail Server
Check the mail server for all the incoming and outgoing emails
Open and check the attachments
Collect the email IDs to which the data is transferred
- 22. EC-Council
Check the Printers
Check the printer for any data that has been taken in the form of printouts
- 24. EC-Council
Countermeasures
Create different accounts such as admin, guest, and user to provide limited access
Ensure critical data files are backed up and the backups are securely stored in another location
Establish policies and procedures for computing and file access
Disable the USB ports
- 25. EC-Council
Countermeasures (cont’d)
Install anti-virus and update it regularly
Install Email, USB, and IM monitoring software
Implement administrative, physical, and technical controls
Train employees to safeguard the data
- 26. EC-Council
Summary
Data can be stolen using external memory devices
Files can be shared through emails and webhosting services
Cryptography and Steganography techniques are used to send the data
Cookies contain a stored database session or some other piece of information
Check the local machine’s download history to see whether the user has downloaded any FTP clients, IMs, or any other software
Check for any data encryption, cryptography, and steganography software
Check the mail server for all the incoming and outgoing mails
Create different accounts such as admin, guest, and user to provide limited access