The document discusses LinkedIn's 2012 security breach where 6.5 million user passwords were stolen, resulting in a lawsuit and criticism for inadequate security measures. It also covers the Stuxnet cyber attack on Iran's nuclear facilities, which delayed Iran's nuclear capabilities by five years due to its sophisticated design and nation-state involvement. Additionally, it highlights information security challenges in Europe, including past cyber attacks and initiatives to improve cyber resilience across EU member states.

1. YOU’RE ON LINKEDIN?
WATCH OUT!
1

2. •160 million members
•People looking for jobs or to advance their careers
•now valued at over $12 billion
2

3. • In June 2012: Hackers breached LinkedIn’s security and stole 6.5 million user passwords
• LinkedIn Faces $5 Million Lawsuit After Password Breach
3

4. • Security experts criticized LinkedIn for not having a chief security officer.
• LinkedIn was found to have minimal password protection
• protecting consumer data is an ongoing effort, not a one-time fix.
4

5. • The problems created by the theft of 6.5 million passwords at LinkedIn
illustrate some of the reasons why businesses need to pay special attention to
information system security.
5

6. I N T E R A C T I V E S E S S I O N : O R G A N I Z AT I O N S
STUXNET AND THE CHANGING FACE OF
CYBERWARFARE
6

7. STUXNET
• July 2010
• targeting Iran’s nuclear facilities
• Iran’s President Mahmoud Ahmadinejad publicly acknowledged that
malicious software had infected the Iranian nuclear facilities and disrupted
the nuclear program by disabling the facilities' centrifuges.
• first visible example of industrial cyberwarfare
• is the most sophisticated cyberweapon ever deployed
7

8. Windows-based worm had a “dual warhead.”
• One part was designed to lay dormant for long periods, then speed
up Iran’s nuclear centrifuges so that they spun wildly out of control.
• Another secretly recorded what normal operations at the nuclear
plant looked like and then played those recordings back to plant
operators so it would appear that the centrifuges were operating
normally when they were actually tearing themselves apart.
8

9. • Stuxnet only became active when it encountered a specific configuration of
controllers, running a set of processes limited to centrifuge plants.
• Over 60 percent of Stuxet-infected computers are in Iran.
• Kaspersky Labs: the worm was launched with nationstate support (probably
from Israel and the United States).
• Stuxnet wiped out about one-fifth of Iran’s nuclear centrifuges.
• The damage was irreparable and is believed to have delayed Iran’s ability to
make nuclear arms by as much as five years.
• And Stuxnet is not the only cyberweapon currently at work.
• The Flame virus, released about five years ago, has been infecting computers
in Iran, Lebanon, Sudan, Saudi Arabia, Egypt, Syria, and Israel.
• The Duqu worm, discovered in September 2011
9

10. 10

11. CA S E S T U DY Q U E S T I O N S
• Is cyberwarfare a serious problem? Why or why not?
• Assess the management, organization, and technology factors that have created
this problem.
• What makes Stuxnet different from other cyberwarfare attacks? How serious a
threat is this technology?
• What solutions for have been proposed for this problem? Do you think they will
be effective? Why or why not?
11

12. I N T E R A C T I V E S E S S I O N : T E C H N O L O G Y
12

13. 13

14. 14

15. 15

16. 16

17. CA S E S T U DY Q U E S T I O N S
• What technology issues led to the security breach at MWEB?
o selfservice management system that MWEB Business uses to provide and manage business accounts that
have not yet been migrated to the MWEB network.
• What is the possible business impact of this security breach for both
MWEB and its customers?
o MWEB: Loss of customer confidence, customer:Loss of important data and financial loss
• If you were an MWEB customer, would you consider MWEB’s
response to the security breach to be acceptable? Why or why not?
o Yes, MWEB responded quickly to the hacking incident.
• What should MWEB do in the future to avoid similar incidents?
o Use of technology that tested and secure
17

18. CASE STUDY
Information Security Threats and
Policies in Europe
18

19. • The IT sector is one of the key drivers of the European economy.
• 87% access to mobile phones.
• In 2009, the European broadband market was the largest in the
world.
19

20. • In 2007, Estonia suffered a massive cyber attack that affected the
government, the banking system, media, and other services. (DDoS)
oThe cyber attack on Estonia started in late April 2007 and lasted for almost 3
weeks.
• Arsys, an important Spanish domain registration company, was also
targeted by international hackers.
ohackers had stolen codes that were then used to insert links to external servers
containing malicious codes in the Web pages of some of its clients.
• In 2009, an estimated 10 million computers were infected with the
Conflicker worldwide.
o In the UK Ministry of Defense, German army
• More recently, a sophisticated malware
o STUXNET: was detected in Germany, Norway, China, Iran, India, Indonesia, and
other countries.
20

21. • As of 2001, EU member states had independent groups of experts
that were responsible for responding to incidents in information
security. (lacked coordination)
• in 2004 the European Commission established the (ENISA) with the
goal of coordinating (ENISA’s main objectives: secure Europe’s
information infrastructure, promote security standards, and educate)
• ENISA organized the first pan-European Critical
Information Infrastructure Protection (CIIP)
• The European Commission has recently launched the Digital Agenda
for Europe. The goal of this initiative is to define the key role that
information and communication technologies will play in 2020,
Another goal is that broadband speeds of 30Mbps be available to all
European citizens by 2020.
21

22. CASE STUDY QUESTIONS
1. What is a botnet?
2. Describe some of the main points of the Digital Agenda for Europe.
3. Explain how a cyber attack can be carried out.
4. Describe some of the weaknesses exploited by malware.
22