SlideShare a Scribd company logo

30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teaching People about Internet Security

Download as PPTX, PDF
Jonathan Care
Jonathan Care

Slides from keynote presentation at London Metropolitan University. Lessons learned, experiences in the InfoSec industry. etc.

Education
1 of 26
30 years living a happy life Breaking Systems, Chasing Bad Guys, and Helping People Understand Internet Security
About.me/jhc  Jonathan Care  @arashiyama  http://www.linkedin.com/in/computercrime
What makes you happy?
Highlights and lowlights  Helped build one of the first Internet backbones  Set up my own ISP from scratch (just add £2M…)  Investigated numerous breaches in conjunction with major tech vendors and law enforcement  Expert witness testimony  Cryptographic design for UK Government  Discovered the iOS “location.consolidated” bug  Dot.com millionaire!  Risk research for a large credit card company  CHECK accredited penetration tester  PCI DSS auditor
Where did I get started?
What have I observed?
Real Statistics?
Real reality  Regrettably the percentage of organisations reporting computer intrusions has continued to decline. The key reason given… was the fear of negative publicity. As a consequence this has resulted in a belief that the threat and impact has also been gravely underestimated – Metropolitan Police  If I report this, I am worried what else the police will find – Anonymous IT Director  We don’t handle payments so it doesn’t really matter if our code is secure or not – Web Development firm providing e-commerce (!) How soon can we start our web server up again? – Compromised Web Merchant
Why commit crimes on the Internet?  Potentially High Financial Gain  Anonymity  Rapid, secure, global communications  Global impact – 1 billion plus users (1 in 6 of the world’s population)  Virtual marketplace – reduced risks of being detected, disrupted or caught  Volatile evidential trail – ISP limited retention of data  Cross Border investigations protracted for law enforcement And… “Because that’s where the money is” – Willie Sutton
Anonymity? Not really.
Did somebody mention hacking?
Meanwhile …
Wide open webcams?
Oh yeah.
Data Privacy is Dead Criminals get ongoing access to credit reports SSNDOB Compromise of KBA and PII at Major Data Brokers PII data combined with financial records for sale Serious web-code vulnerabilities compromise sensitive information Almost 1.5 billion usernames and passwords stolen *Source Symantec Internet Security Threat Report 2014
Conclusions
What have I learned?  All software has bugs.  Bugs will be discovered  Some bugs will have a security impact  Product owners continue to value functionality over security  Investors place little value on security and privacy  End users trust vendors  Security is always trumped by convenience – bad design makes bad security
What can we do?
Security architecture landscape Customer friction ‘harder is better’ doesn’t keep bad guys out and annoys good guys Systematic compromise of personal data & credentials Exceptions; you are only as good as your weakest link! Enterprises want absolute identity proofing but must live with shades of uncertainty
If you go into InfoSec, remember this… PREPARE DETECTRESPOND
A final thought …
Digital Humanism (don’t be a jerk)  Don’t intrude on personal space  Don’t try and engineer personal intelligence and prerogatives out of the system  Don’t try to maximise machine efficiency at the expense of usability
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teaching People about Internet Security

Recommended

Identity theft pp presentation
Identity theft pp presentationIdentity theft pp presentation
Identity theft pp presentation
Yusuf Qadir
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Money 2Conf
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
Goutama Bachtiar
 
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary sessionCallcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit123
 
Callcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience stream
Callcredit123
 
Web Application Hacking 2004
Web Application Hacking 2004Web Application Hacking 2004
Web Application Hacking 2004
Mike Spaulding
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerce
abe8512000
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
Oregon Law Practice Management
 

Recommended

Identity theft pp presentation
Identity theft pp presentationIdentity theft pp presentation
Identity theft pp presentation
Yusuf Qadir
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Money 2Conf
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
Goutama Bachtiar
 
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary sessionCallcredit's Fraud Summit 2016 - Plenary session
Callcredit's Fraud Summit 2016 - Plenary session
Callcredit123
 
Callcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience stream
Callcredit123
 
Web Application Hacking 2004
Web Application Hacking 2004Web Application Hacking 2004
Web Application Hacking 2004
Mike Spaulding
 
E-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-CommerceE-Commerce Security Workable Attacks Againest E-Commerce
E-Commerce Security Workable Attacks Againest E-Commerce
abe8512000
 
What to do after a data breach
What to do after a data breachWhat to do after a data breach
What to do after a data breach
Oregon Law Practice Management
 
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification streamCallcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit123
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-Commerce
Now Dentons
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsBlake A. Klinkner
 
E-commerce and fraud
E-commerce and fraudE-commerce and fraud
E-commerce and fraud
blogzilla
 
E commerce
E commerceE commerce
E commerce
Humayun Khalid Qureshi
 
ICT ICA3
ICT ICA3ICT ICA3
ICT ICA3
bf0801.bm0741s109
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
Robert Craig
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
spencerharry
 
Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
Teo Leonard
 
Detecting Wire Fraud in Real-Time
Detecting Wire Fraud in Real-TimeDetecting Wire Fraud in Real-Time
Detecting Wire Fraud in Real-Time
Laurent Pacalin
 
10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade
studentinternetdeals33
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrime
Jenny Reid
 
How To Catch A Fraudster Live Webinar
How To Catch A Fraudster Live WebinarHow To Catch A Fraudster Live Webinar
How To Catch A Fraudster Live Webinar
Kount
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
ENC
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
Rachel Hamilton
 
CS3: Cybersecurity Extortion & Fraud
CS3: Cybersecurity Extortion & FraudCS3: Cybersecurity Extortion & Fraud
CS3: Cybersecurity Extortion & Fraud
Paige Rasid
 
Cryptocurrency Scams | How Do You Protect Yourself?
Cryptocurrency Scams | How Do You Protect Yourself?Cryptocurrency Scams | How Do You Protect Yourself?
Cryptocurrency Scams | How Do You Protect Yourself?
Money 2Conf
 
Preventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupPreventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite Group
Laurent Pacalin
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
annwhyjay
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
OCTF Industry Engagement
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
Ulf Mattsson
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 

More Related Content

What's hot

Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification streamCallcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit123
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-Commerce
Now Dentons
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsBlake A. Klinkner
 
E-commerce and fraud
E-commerce and fraudE-commerce and fraud
E-commerce and fraud
blogzilla
 
E commerce
E commerceE commerce
E commerce
Humayun Khalid Qureshi
 
ICT ICA3
ICT ICA3ICT ICA3
ICT ICA3
bf0801.bm0741s109
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
Robert Craig
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
spencerharry
 
Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
Teo Leonard
 
Detecting Wire Fraud in Real-Time
Detecting Wire Fraud in Real-TimeDetecting Wire Fraud in Real-Time
Detecting Wire Fraud in Real-Time
Laurent Pacalin
 
10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade
studentinternetdeals33
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrime
Jenny Reid
 
How To Catch A Fraudster Live Webinar
How To Catch A Fraudster Live WebinarHow To Catch A Fraudster Live Webinar
How To Catch A Fraudster Live Webinar
Kount
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
ENC
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
Rachel Hamilton
 
CS3: Cybersecurity Extortion & Fraud
CS3: Cybersecurity Extortion & FraudCS3: Cybersecurity Extortion & Fraud
CS3: Cybersecurity Extortion & Fraud
Paige Rasid
 
Cryptocurrency Scams | How Do You Protect Yourself?
Cryptocurrency Scams | How Do You Protect Yourself?Cryptocurrency Scams | How Do You Protect Yourself?
Cryptocurrency Scams | How Do You Protect Yourself?
Money 2Conf
 
Preventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupPreventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite Group
Laurent Pacalin
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
annwhyjay
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
OCTF Industry Engagement
 

What's hot (20)

Callcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification streamCallcredit's Fraud Summit 2016 - Identity verification stream
Callcredit's Fraud Summit 2016 - Identity verification stream
 
Privacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-CommercePrivacy and Security in Mobile E-Commerce
Privacy and Security in Mobile E-Commerce
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
 
E-commerce and fraud
E-commerce and fraudE-commerce and fraud
E-commerce and fraud
 
E commerce
E commerceE commerce
E commerce
 
ICT ICA3
ICT ICA3ICT ICA3
ICT ICA3
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
 
Detecting Wire Fraud in Real-Time
Detecting Wire Fraud in Real-TimeDetecting Wire Fraud in Real-Time
Detecting Wire Fraud in Real-Time
 
10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade10 of the Top Data Breaches of the Decade
10 of the Top Data Breaches of the Decade
 
Investigating & proving cybercrime
Investigating & proving cybercrimeInvestigating & proving cybercrime
Investigating & proving cybercrime
 
How To Catch A Fraudster Live Webinar
How To Catch A Fraudster Live WebinarHow To Catch A Fraudster Live Webinar
How To Catch A Fraudster Live Webinar
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
CS3: Cybersecurity Extortion & Fraud
CS3: Cybersecurity Extortion & FraudCS3: Cybersecurity Extortion & Fraud
CS3: Cybersecurity Extortion & Fraud
 
Cryptocurrency Scams | How Do You Protect Yourself?
Cryptocurrency Scams | How Do You Protect Yourself?Cryptocurrency Scams | How Do You Protect Yourself?
Cryptocurrency Scams | How Do You Protect Yourself?
 
Preventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite GroupPreventing P2P Fraud with Aite Group
Preventing P2P Fraud with Aite Group
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 

Similar to 30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teaching People about Internet Security

Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
Ulf Mattsson
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
Matthew Pascucci
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
Ulf Mattsson
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
IBM Security
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
Ulf Mattsson
 
IT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptxIT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptx
SAbedinArman
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Paige Rasid
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime
homeworkping4
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
joevest
 
CRI Retail Cyber Threats
CRI Retail Cyber ThreatsCRI Retail Cyber Threats
CRI Retail Cyber Threats
OCTF Industry Engagement
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Randall Chase
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
politegcuf
 
Data Security for Nonprofits
Data Security for NonprofitsData Security for Nonprofits
Data Security for Nonprofits
NPowerCR
 
Forthright Security Lunch and Learn - Ransomware Focus 2
Forthright Security Lunch and Learn - Ransomware Focus 2Forthright Security Lunch and Learn - Ransomware Focus 2
Forthright Security Lunch and Learn - Ransomware Focus 2David Dubree
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin
OCTF Industry Engagement
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
Bushra22
 
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business PeopleDSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
Andris Soroka
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
Symantec
 

Similar to 30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teaching People about Internet Security (20)

Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
The good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breachThe good, the bad and the ugly of the target data breach
The good, the bad and the ugly of the target data breach
 
IT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptxIT-Risks-for-Non-profits-September-18SEPT17.pptx
IT-Risks-for-Non-profits-September-18SEPT17.pptx
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
CRI Retail Cyber Threats
CRI Retail Cyber ThreatsCRI Retail Cyber Threats
CRI Retail Cyber Threats
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
Data Security for Nonprofits
Data Security for NonprofitsData Security for Nonprofits
Data Security for Nonprofits
 
Forthright Security Lunch and Learn - Ransomware Focus 2
Forthright Security Lunch and Learn - Ransomware Focus 2Forthright Security Lunch and Learn - Ransomware Focus 2
Forthright Security Lunch and Learn - Ransomware Focus 2
 
CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin CRI "Lessons From The Front Lines" March 26th Dublin
CRI "Lessons From The Front Lines" March 26th Dublin
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business PeopleDSS @RIGA COMM2013 - The Value of an IT Security for Business People
DSS @RIGA COMM2013 - The Value of an IT Security for Business People
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 

Recently uploaded

"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf
CarlosHernanMontoyab2
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 

Recently uploaded (20)

"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 

30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teaching People about Internet Security

  • 1. 30 years living a happy life Breaking Systems, Chasing Bad Guys, and Helping People Understand Internet Security
  • 2. About.me/jhc  Jonathan Care  @arashiyama  http://www.linkedin.com/in/computercrime
  • 3. What makes you happy?
  • 4. Highlights and lowlights  Helped build one of the first Internet backbones  Set up my own ISP from scratch (just add £2M…)  Investigated numerous breaches in conjunction with major tech vendors and law enforcement  Expert witness testimony  Cryptographic design for UK Government  Discovered the iOS “location.consolidated” bug  Dot.com millionaire!  Risk research for a large credit card company  CHECK accredited penetration tester  PCI DSS auditor
  • 5. Where did I get started?
  • 6.
  • 7. What have I observed?
  • 9. Real reality  Regrettably the percentage of organisations reporting computer intrusions has continued to decline. The key reason given… was the fear of negative publicity. As a consequence this has resulted in a belief that the threat and impact has also been gravely underestimated – Metropolitan Police  If I report this, I am worried what else the police will find – Anonymous IT Director  We don’t handle payments so it doesn’t really matter if our code is secure or not – Web Development firm providing e-commerce (!) How soon can we start our web server up again? – Compromised Web Merchant
  • 10. Why commit crimes on the Internet?  Potentially High Financial Gain  Anonymity  Rapid, secure, global communications  Global impact – 1 billion plus users (1 in 6 of the world’s population)  Virtual marketplace – reduced risks of being detected, disrupted or caught  Volatile evidential trail – ISP limited retention of data  Cross Border investigations protracted for law enforcement And… “Because that’s where the money is” – Willie Sutton
  • 13.
  • 15.
  • 18. Data Privacy is Dead Criminals get ongoing access to credit reports SSNDOB Compromise of KBA and PII at Major Data Brokers PII data combined with financial records for sale Serious web-code vulnerabilities compromise sensitive information Almost 1.5 billion usernames and passwords stolen *Source Symantec Internet Security Threat Report 2014
  • 20. What have I learned?  All software has bugs.  Bugs will be discovered  Some bugs will have a security impact  Product owners continue to value functionality over security  Investors place little value on security and privacy  End users trust vendors  Security is always trumped by convenience – bad design makes bad security
  • 21. What can we do?
  • 22. Security architecture landscape Customer friction ‘harder is better’ doesn’t keep bad guys out and annoys good guys Systematic compromise of personal data & credentials Exceptions; you are only as good as your weakest link! Enterprises want absolute identity proofing but must live with shades of uncertainty
  • 23. If you go into InfoSec, remember this… PREPARE DETECTRESPOND
  • 25. Digital Humanism (don’t be a jerk)  Don’t intrude on personal space  Don’t try and engineer personal intelligence and prerogatives out of the system  Don’t try to maximise machine efficiency at the expense of usability