The Billion Dollar Product - Online Privacy (v2.2)


Presentation discussing the erosion of online privacy: how companies and governments are using, misusing and selling personal data without the subjects' knowledge. There is no such thing as a free ride or service. People are effectively the product. The billion dollar product.
This presentation also addresses how large companies using mainframes believe that their data is secure and needs no special attention or consideration, which ultimately leads to major risks.

  1. Delivering the best in z services, software, hardware and training. World Class z Specialists. The Billion Dollar Product – Online Privacy. Rui Miguel Feio – Security Lead
  2. Agenda •  Introduction •  Free online services •  Nothing in life is for free •  Paid online web services •  How do they do it? •  Risks •  Security (or lack of it) •  The mainframe •  Conclusion •  Questions
  3. Introduction –  Security lead at RSM Partners –  Has been working with mainframes for the past 17 years –  Started as an MVS Systems Programmer with IBM –  Specialises in mainframe security –  Experience in non-mainframe platforms as well –  Has given presentations all over the world
  4. Free Online Services
  5. Free online services
  6. It’s free in return for… •  Placing cookies on your devices to track you and your online activities •  Collecting ‘some’ of your personal data •  Including ads in the web sites you use
  7. Is this fair? •  YES!! The services are for free!!! •  Who cares?... I don’t have anything to hide! •  Saw a great quote the other day… “My biggest fear is, when I die... ...that my wife sells my motorbikes for what I told her I paid for them!!!” •  See, we all have something to hide :)
  8. Nothing in life is for free
  9. “[…] a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties” Google’s legal team
  10. Privacy Policy & Terms and Conditions •  How many of you have ever read them? •  Typically these are extensive and difficult to decipher •  They are legally binding business propositions between you and the online service provider •  Ok, but who cares…? •  It’s a free service!!... Really?
  11. Let me ask you something… •  How much do you value your privacy? •  How about your friends’ and family’s privacy? •  What do you think could happen if your data was misused? •  Have you ever searched for or visited an online website that you would rather keep a ‘secret’? •  I know I have :)
  12. Interesting facts •  On a daily basis Google processes around 24 Petabytes of data •  This data is then stored and sold for advertising •  The use of cookies: –  Fingerprints that allow you to be traced and catalogued •  What you see online is customised for you based on your ‘online profile’
  13. Value of a Company •  Why do you think Facebook or Google are worth billions of dollars? •  A study published by the Wall Street Journal on Facebook: –  Each long-term user is worth $80.95 –  Each friendship is worth $0.62 –  Your profile page is worth $1,800 –  A business page and associated ad revenues are worth $3.1 million
  14. Let me see if I got this right… •  You use these ‘free’ online web services •  You create your own social network •  You invite others to join the ‘free’ online service •  You add content: –  Ideas and thoughts –  Status updates –  Photos, videos, … –  Links to other users and pages –  Interactions with other people –  Searches –  …
  15. So… •  How much do you get paid for all this? •  All of this effort is worth a lot of money to the ‘free’ online service provider, and you get nothing? •  Hmmm… you are indeed of great value to the ‘free’ online service!
  16. Interesting facts •  People who use ‘free’ online services have become the largest unpaid workforce in history! •  The data that you have freely provided can be sold by the ‘free’ online service companies to third parties •  You just don’t get any money… and you have no say either!
  17. Paid online web services
  18. Paid online services – are they any different? •  Not really… •  Many of the paid online services use the data you provide as a means to capitalise and make more money: –  Customised services or products –  Ads –  Data sold to third parties
  19. How do they do it?
  20. How does it work? •  The online service providers profile you, as do many other organisations: –  They read, scan and search your data, messages and web searches –  They analyse your data and your online trends –  They track you (cookies, smart phones, …) –  They create an ‘online’ profile of You!!
  21. How does it work? •  The online service providers monetise YOU! •  They try to sell you products and services based on your ‘online’ profile •  They display content on your screen according to your ‘online’ profile •  They sell you and your data to third parties
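The mechanics behind slides 12, 20 and 21 (a cookie acting as a fingerprint, visits to unrelated sites being stitched into one ‘online’ profile) can be shown in a few dozen lines. The following is an added example written for this page, not code from the presentation or from RSM Partners. The tracker domain tracker.example, the publisher sites and their interest categories are all constructed for illustration; the point it demonstrates is that a single cookie scoped to the third-party domain is enough to link every page you visit, and that simply not sending that cookie back breaks the linkage.

```python
"""
Added example (not from the presentation): a minimal model of how a
third-party tracking domain embedded on many publisher sites links your
visits into one profile with a single cookie, and how refusing to send
that cookie back leaves the tracker with unlinkable one-off visits.
All site names, categories and request data below are constructed.
"""
import secrets
from collections import defaultdict

# Constructed mapping of publisher sites to an interest category, standing in
# for whatever classification a real broker applies to the pages you visit.
SITE_CATEGORY = {
    "news.example": "current affairs",
    "bikes.example": "motorbikes",
    "clinic.example": "health",
    "loans.example": "credit",
}


class TrackingServer:
    """The third party (hypothetical tracker.example) embedded on every publisher page."""

    def __init__(self):
        self.visits = defaultdict(list)  # tracking id -> [(site, category), ...]

    def handle_request(self, cookies: dict, referer_site: str) -> dict:
        """
        Serve the tracker's pixel/script. `cookies` is what the browser sent
        back for tracker.example; `referer_site` is the publisher page that
        embedded the tracker. Returns the response headers, including the
        Set-Cookie that the browser will store for tracker.example.
        """
        tid = cookies.get("tid")
        if tid is None:
            tid = secrets.token_hex(8)  # first sight: mint a fresh identifier
        self.visits[tid].append((referer_site, SITE_CATEGORY.get(referer_site, "unknown")))
        return {"Set-Cookie": f"tid={tid}; Domain=tracker.example; Max-Age=63072000"}

    def profile(self, tid: str) -> dict:
        """Collapse the visit log for one identifier into an interest profile."""
        interests = defaultdict(int)
        for _, category in self.visits[tid]:
            interests[category] += 1
        return {
            "sites": sorted({site for site, _ in self.visits[tid]}),
            "interests": dict(interests),
        }


class Browser:
    """A browser with one cookie jar, optionally withholding third-party cookies."""

    def __init__(self, send_third_party_cookies: bool = True):
        self.jar = defaultdict(dict)  # cookie domain -> {name: value}
        self.send_third_party_cookies = send_third_party_cookies

    def visit(self, site: str, tracker: TrackingServer) -> None:
        # The publisher page embeds tracker.example; the browser fetches it and
        # attaches the tracker's cookie only if third-party cookies are allowed.
        sent = self.jar["tracker.example"] if self.send_third_party_cookies else {}
        response = tracker.handle_request(dict(sent), referer_site=site)
        name, value = response["Set-Cookie"].split(";")[0].split("=", 1)
        self.jar["tracker.example"][name] = value


def simulate(send_third_party_cookies: bool) -> list:
    """Run a short constructed browsing session and return the tracker's profiles."""
    tracker = TrackingServer()
    browser = Browser(send_third_party_cookies)
    for site in ["news.example", "bikes.example", "clinic.example",
                 "loans.example", "bikes.example"]:
        browser.visit(site, tracker)
    return [tracker.profile(tid) for tid in tracker.visits]


if __name__ == "__main__":
    print("third-party cookies sent:", simulate(True))
    print("third-party cookies withheld:", simulate(False))
```

With cookies sent, the tracker ends up with one profile covering all four sites (motorbikes counted twice); with cookies withheld, it ends up with five separate identifiers that each know about a single visit and cannot be joined. Real trackers also fall back to device fingerprinting and server-side identity matching, so blocking the cookie is a necessary but not sufficient step.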
  22. Who would want your data? •  Everyone! Every single company wants it! •  Why? –  Because now they have a way of profiling you –  They know who you are, what you like, what you don’t like, what you do, whom you do it with, who your friends are, what your habits are… –  An insurance company knows your habits, and can now decide if you are ‘worthy to be insured’ –  A bank can decide whether or not it will lend you money –  They know you from your ‘online’ profile!
  23. Risks
  24. Oh, oh, we’re in trouble!... •  Who are the third parties that are getting your data? –  Other companies –  Data brokers •  Lack of legislation •  How secure is the IT infrastructure of the companies that now have your data and your ‘online’ profile?
  25. Danger! Danger! •  Websites, smart phones, tablets, smart watches, GPS devices, … •  How is your data being used? •  For what purposes is your data being used? •  How secure are these websites and devices?
  26. Interesting facts •  82% of Android apps track and collect your online activities •  Data brokers get information from your ISP, online activity, credit card companies, mobile phone companies, banks, etc. •  Data brokers aim to provide ‘behavioural targeting’
  27. Interesting facts •  Data broker company Acxiom Corporation: –  Has more than 23,000 servers –  These servers collect, collate and analyse more than 50 trillion unique data transactions per year –  96% of American households are in its DBs –  Has more than 700 million user profiles from around the world –  Each profile has more than 1,500 specific traits •  One quote stated ‘This is the age of the stalker economy’… •  Well, is it???
  28. Security (or lack of it)
  29. Interesting facts •  Worldwide spending on security software totalled nearly $20 billion in 2012 •  Worldwide spending on security software is estimated to reach $94 billion by 2017 •  An average of 62% of the intrusions against businesses were only detected after 2 months •  The average time from the initial breach until discovery of the intrusion is 210 days •  Companies face nearly $154 in costs per record stolen
  30. Costs of a data breach for a business •  Detecting the breach •  Containing the attacks •  Investigating the attacks •  Identifying the attackers •  Remediating the IT infrastructure •  Sales decline •  Credit card replacement fees •  Consumer credit-monitoring services •  Insurance premiums •  Drop in stock market share price •  Company’s image
  31. Oh, oh, we’ve been hacked! •  Mossack Fonseca (Panama Papers) – 11 million records (2016) •  21st Century Oncology – 2.2 million records (2016) •  Verizon – 1.5 million records (2016) •  US Voters database – 191 million records (2015) •  VTech – 12 million records (2015) •  Ashley Madison – 37 million records (2015) •  mSpy kids & partner tracking service – 400,000 records (2015) •  Home Depot – 56 million records (2014) •  Anthem health insurance – 80 million records (2015) •  JP Morgan Chase – 76 million records (2014) •  And so many more…
  32. World’s biggest data breaches http://
  33. World’s biggest data breaches http://
  34. Cost of a data breach for You •  The hacker can now potentially have: –  Your online login credentials –  Detailed information about you –  Your credit card information •  The hacker can now: –  Sell your data (yes, even to companies) –  Test your login credentials on other sites and servers –  Manipulate your data –  Steal your identity –  Blackmail you!
  35. So, let me ask you again… •  How much do you value your privacy? •  How about your friends’ and family’s privacy? •  What do you think could happen if your data was misused? •  Are you sure you have nothing to hide?
  36. The Mainframe
  37. Ah, we’re safe! No one hacks the mainframe!! •  Are you sure about that? –  IT firm Logica – more than 10,000 social security numbers (2012) –  Swedish Nordea bank – personal data, money (2013) –  Internal hack in one major UK bank (2013) – £2 million in losses •  But the mainframe is the most secure platform in the world! –  No, the mainframe is the most securable platform in the world –  It requires effort, investment and resources –  People need to be trained to keep up to date with new security threats and trends
  38. From my experience with mainframe clients… •  The mainframe is part of an ecosystem of multiple platforms. –  If one of them gets compromised, how will it affect the mainframe? •  Hackers are getting really interested in the mainframe •  It’s just a matter of time until a mainframe is seriously compromised •  Oh my, a lot of work needs to be done!
  39. Our experience with mainframe clients… •  Management still sees the mainframe as un-hackable, which leads to a lack of investment or interest in mainframe security •  While performing mainframe audits and penetration tests for various clients we see the same common security problems over and over again •  I was sitting with a client the other day and they stated: “The mainframe is the only system that has a complete view of our clients, it’s our system of record… But... ... We don’t protect it properly”
  40. Conclusion
  41. Conclusion •  ‘Free’ online services can be useful •  Use them, but don’t abuse them! •  Think: “Do I really need to use this service?” •  Be careful about the data you provide! •  Others can pick up your digital footprint and interpret it without your knowledge and in ways that can cause you harm. •  Governments need to implement appropriate legislation around data and privacy! •  Private data is worth billions!
  42. Conclusion •  If you are really concerned about your online privacy take a look at: –  TOR –  DISCONNECT ME
  43. TOR (The Onion Router) •  The best-known privacy-focused browser is the Tor Browser •  TOR is not necessarily just for the Dark Web •  TOR is all about online privacy •  It can be downloaded at TORPROJECT.ORG •  Several downloads available
  44. Disconnect statement: The Tor Project is a non-profit dedicated to research, development, and education about online anonymity and privacy. This mission is in alignment with Disconnect’s own mission to make privacy the default online, and our partnership with Tor marks a major milestone in achieving our mutual goals.
  45. And Finally….....
  46. Questions
  47. Rui Miguel Feio, RSM Partners mobile: +44 (0) 7570 911459 linkedin: Contact