Developed for the STEM4All lifelong learning class (2014); a topic that will change significantly with time
Describes key concepts and points to a number of online resources
1. Cyber attack
Whose Side is Your Computer On?
Jim Isaak – STEM4All
2015: 4/27-5/24 OLLI Concord 1-2:30 PM
Week 2 3 4 5
http://is.gd/Cyberattacks
2. Based on feedback
Basics with definitions first … help folks to absorb
Computer terminology
PLEASE – ASK! ---
You are not the only one who doesn’t get them
There is a lot of Jargon
You won’t really get it the first time
You are not expected to be experts in related fields
(And even if you are, some of this stuff is new)
3. http://is.gd/Cyberattacks
Has Syllabus/Outline for class
With hot links to a number of resources
• Including videos (mostly “free”) and
• Pointers to authoritative sources and
• To tools that are useful
This presentation is available from the site
Note that <Local> links go to the video clips used in class; the second link will be to online versions
4. Anthem Record Theft - Jan 2015
80 Million customer records – SS#’s (etc) in the clear
Key risk is identity theft; secondary is abuse of insurance (to buy medications, pay for services)
You can put an initial fraud alert on your credit bureau records for 90 days “free”; call one and they will contact the others
(get your free credit report if you have not done so recently)
Can renew after 90 days
Equifax 1-800-525-6285
Experian 1-888-397-3742
TransUnion 1-800-680-7289
http://www.consumer.ftc.gov/articles/0275-place-fraud-alert
5. Cybersecurity for The Common Man (or woman)
Bad actors are out there
They want your computer
Why? How? Who?
We will look at the context of some of these questions
-- Yes, that fellow from “Nigeria” wants your money
-- Yes, those folks from <to be disclosed> want to use your computer to attack: the United States, Iran, Amazon, Google, et al
6. An overview
Of the concepts of cybersecurity
Is it a virus or a worm (and do you care?)
Phishing for your identity
Spoofing is not just a Halloween prank
And some examples
Did President Reagan destroy the Soviet pipeline?
Who destroyed Iranian nuclear facilities, and how?
And some suggestions on how to detect/avoid becoming a victim or a zombie!!
7. A Few Quick Things:
Make sure your operating system & APP “updates” are
actually “Up to date” (that’s why the call them that)
Make sure you have a firewall turned on
Make sure you have AntiVirus software – that it is up to
date – and have it do a scan or full scan soon!
Beware of “short emails” that just have a link – even
from friends (they have been hacked)
You do not have a friend in Nigeria who wants to help
you with his fortune, (or a friend/ relative/
granddaughter stuck in some foreign city who needs
bail ….)
9. What makes computers and networks vulnerable?
Re-purposing – Programmable devices
Computers are defined as ‘programmable devices’
A set of instructions can make it do many different things
The same memory is used for data and instructions
And can be targeted for revision/rewrite
Complexity
Computer Programs contain millions of instructions
Often programmers do not handle exceptions
Or they don’t consider “abuse” opportunities
Clones
Many systems are identical hardware & os
Networked --- can pass “infection” from one to another
10. Who and why?
“Kids” to show they can do it – “Script kiddies”
back in the 80’s this was “new”
Or “Hacktivists” sending a “message”
Criminals – blackmail (if you don’t … we will …)
Grand theft – from Banks, etc.
Credit Card info (calling cards, etc.)
Con artists (if you would be so kind as to give me
your bank account number and …)
Nation States –
We could use the plans for the F22
Or all of the potential oil sites, or …
Why not terrorists? (No blood on the front page?)
12. And who are the targets
13. What do we call them?
Hackers
In some circles this is an honorific, reflecting mastery
of “making things work” from scratch
Used in computing, but also “maker” labs etc.
Crackers
The “hacker” term for folks who do bad things
hacking
White-hat – Good Guys
Black-hat – Bad Guys
DefCon – A conference of anonymous, pay in cash at
the door folks – hat colors vary
14. Example of computer source code
A piece of “Basic” (VB.NET) code:

    Private Sub Start_Btn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) _
            Handles Start_Btn.Click
        Dim target_Path As String
        Dim count As Integer = 0
        target_Path = ""
        FileNameLst.Items.Clear()
        DateTargets.Items.Clear()
        Try
            Application.DoEvents()
            ' Remember the previous folder so an unchanged choice can be skipped
            target_Path = FolderBrowserDialog1.SelectedPath
            If FolderBrowserDialog1.ShowDialog() = DialogResult.OK Then
                If target_Path = FolderBrowserDialog1.SelectedPath Then Exit Try
                target_Path = FolderBrowserDialog1.SelectedPath
                Me.Text = target_Path
                ' Get a list of all JPG file names in the chosen folder
                For Each foundImage As String In My.Computer.FileSystem.GetFiles(target_Path)
                    If foundImage.EndsWith(".JPG", StringComparison.CurrentCultureIgnoreCase) Then
                        Me.FileNameLst.Items.Add(foundImage)
                        count += 1
                    End If
                Next
            End If
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub
15. Example of Assembly Code
16. Example of Machine Language
Load a value into register 8, taken from the memory
cell 68 cells after the location listed in register 3:
  field:    op     | rs    | rt    | address/immediate
  decimal:  35     | 3     | 8     | 68
  binary:   100011 | 00011 | 01000 | 0000000001000100
The sophisticated “Cracker”/”Hacker” works at this level
--- understanding what the code is doing, and
modifying it to do something different
This stuff may be harder than Rocket Science
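To make the bit layout above concrete, here is an added Python example (not from the slides) that packs and unpacks MIPS I-type instruction words in general, with the slide's lw $8, 68($3) as one instance. The small opcode table and the function names are my own; the field widths (6/5/5/16 bits) are the real MIPS encoding.

```python
# Added example: encode/decode MIPS I-type instructions (op | rs | rt | immediate).
OPCODES = {"lw": 35, "sw": 43, "addi": 8, "beq": 4}  # a few real MIPS I-type opcodes
MNEMONICS = {code: name for name, code in OPCODES.items()}


def encode_itype(opcode, rs, rt, imm):
    """Pack the fields into one 32-bit word: 6-bit opcode, 5-bit rs, 5-bit rt, 16-bit immediate."""
    if not (0 <= opcode < 64 and 0 <= rs < 32 and 0 <= rt < 32):
        raise ValueError("register or opcode field out of range")
    if not (-32768 <= imm <= 65535):
        raise ValueError("immediate does not fit in 16 bits")
    imm &= 0xFFFF  # two's complement for negative offsets
    return (opcode << 26) | (rs << 21) | (rt << 16) | imm


def decode_itype(word):
    """Unpack a 32-bit word into (opcode, rs, rt, signed immediate)."""
    opcode = (word >> 26) & 0x3F
    rs = (word >> 21) & 0x1F
    rt = (word >> 16) & 0x1F
    imm = word & 0xFFFF
    if imm & 0x8000:          # sign-extend the 16-bit offset
        imm -= 0x10000
    return opcode, rs, rt, imm


def to_fields_binary(word):
    """Render the word as grouped binary, the way the slide lays it out."""
    bits = f"{word:032b}"
    return " ".join([bits[:6], bits[6:11], bits[11:16], bits[16:]])


def disassemble(word):
    """Turn the word back into assembly text (loads/stores use offset(base) syntax)."""
    opcode, rs, rt, imm = decode_itype(word)
    name = MNEMONICS.get(opcode, f"op{opcode}")
    if name in ("lw", "sw"):
        return f"{name} ${rt}, {imm}(${rs})"
    return f"{name} ${rt}, ${rs}, {imm}"


if __name__ == "__main__":
    word = encode_itype(OPCODES["lw"], rs=3, rt=8, imm=68)
    print(hex(word), to_fields_binary(word), disassemble(word))
```

Changing a single field (say, rt from 8 to 9) changes which register receives the value; that is the "modify it to do something different" the slide refers to, and it is why integrity checks on code matter.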
17. 2012
400+ million individuals were victims of cyber crimes
2/3 of US individuals in their lifetime
Threat to IP by nation states
speed & volume of what can be taken to market
$600 billion in losses; thousands of jobs (if…)
Threat to military targets/operations
Disruption of communications
Threat to infrastructure – Cyber-physical
18. Malware 1
Virus – A bit of machine code that is designed to insert
itself into existing code on your computer
(an “infected file”)
“signatures” are snippets of code that indicate a virus
Worm – a program that tries to infect other computers
using your computer
Trojan horse
A program that seems “OK” but carries malware
Scripts – higher level programming elements that are
executed by your browser (or other tools)
Rootkit – a virus infecting the very basic level of your
system so it is hard to detect and eliminate
19. Malware 2
Adware – causes ads to appear typically unwelcome
ones, but may also track your use of the system
pop-up (on top of your browser)
pop-under (window hidden below your browser)
Bot, Botnet, Zombie
A computer (yours??) taken over with a virus (often a
root kit) that is controlled from a remote site
You can “rent” a million systems to do your bidding
spyware, keystroke logging
Malware on your system may watch what you do
keystroke logging allows capture of passwords
Identity Theft
20. Malware 3
Spoofing
Fake name
Fake email address
Fake IP Address
Fake URL/Domain…
SPAM – is unsolicited email (ads..)
But:
Phishing – seeks to get you to disclose key
information --- “Hi, I’m Jane from Credit Card …”
Often appears to be from a bank, or major vendor
Downloaders – web site that stuffs files onto your
computer when you are not looking – may use
scripting…
23. Email Attack
Email warning signs
No Subject
Just has a URL, no explanation
Odd Domain targets
Key Alert: “PHP” (executable file)
John indicates someone accessed his Yahoo acct
I got three copies, but sent to three different email
accounts of mine
24. A Phishing we will go
Odd title: “WU”
Bad grammar: funds is available
Sent from unexpected country: “.uy”
Not a language I’d expect – Oddly URL is “accurate”
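The warning signs on these two slides can be turned into a simple checklist run over a message. The Python below is an added example, not from the slides: the "expected" top-level domains, the short-subject threshold and the risky-attachment list are assumptions for the demonstration, and the three sample messages are constructed to mirror the slides (the link-only mail, the "WU" mail with a .uy sender and a .php attachment, and a clean one).

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Heuristics matching the warning signs on the slides. The TLD set, the
# short-subject threshold and the extension list are assumptions for this example.
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
RISKY_EXTENSIONS = {".php", ".exe", ".vbs", ".js", ".scr", ".bat"}
EXPECTED_TLDS = {"com", "org", "net", "edu", "gov"}


def _tld_of(text):
    """Top-level domain of an e-mail address or URL ('' if none is found)."""
    m = re.search(r"@([\w.-]+)", text) or re.search(r"^https?://([\w.-]+)", text, re.I)
    if not m:
        return ""
    return m.group(1).rstrip(".").rsplit(".", 1)[-1].lower()


def warning_signs(raw_message, expected_tlds=EXPECTED_TLDS):
    """Return a list of readable warning signs found in an RFC 822 message."""
    msg = message_from_string(raw_message)
    signs = []

    subject = (msg["Subject"] or "").strip()
    if not subject:
        signs.append("no subject")
    elif len(subject) <= 3:
        signs.append(f"odd short subject {subject!r}")

    sender_tld = _tld_of(msg["From"] or "")
    if sender_tld and sender_tld not in expected_tlds:
        signs.append(f"sender address from unexpected country/TLD .{sender_tld}")

    text_parts, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_type() == "text/plain":
            text_parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    body = "\n".join(text_parts).strip()

    urls = URL_RE.findall(body)
    if urls and not URL_RE.sub("", body).strip():
        signs.append("body is just a URL with no explanation")
    for url in urls:
        tld = _tld_of(url)
        if tld and tld not in expected_tlds:
            signs.append(f"link points at an odd domain (.{tld}): {url}")

    for name in attachments:
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            signs.append(f"executable attachment {name!r}")
    return signs


# Constructed samples (not real mail) modelled on the two slides.
LINK_ONLY_MAIL = """\
From: John <john@example.com>
To: me@example.com
Subject:

http://funny-video.example.xyz/watch
"""

CLEAN_MAIL = """\
From: Jane <jane@example.com>
To: me@example.com
Subject: Lunch Thursday?

Are you free Thursday at noon? Same place as last time.
"""


def build_wu_sample():
    """Constructed mail resembling the 'WU' phish: odd title, bad grammar, .uy sender, .php attachment."""
    m = EmailMessage()
    m["From"] = "Western Union <notice@wu-payments.example.uy>"
    m["To"] = "me@example.com"
    m["Subject"] = "WU"
    m.set_content("Dear customer your funds is available. Open the attached form to claim.")
    m.add_attachment(b"placeholder bytes, not a real script", maintype="application",
                     subtype="octet-stream", filename="claim_form.php")
    return m.as_string()


if __name__ == "__main__":
    for label, raw in [("link only", LINK_ONLY_MAIL), ("WU", build_wu_sample()), ("clean", CLEAN_MAIL)]:
        print(label, "->", warning_signs(raw) or ["no warning signs"])
```

The bad grammar on the second slide is the one sign a human spots more reliably than a script does, so a checklist like this supports the reader's judgement rather than replacing it.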
26. Lenovo’s Superfish (Bloatware)
The software tried to pop up useful alternative shopping results for
images. But in order to work on HTTPS-encrypted sites,
Superfish made use of a nasty (and horribly implemented)
"SSL hijacker" from Komodia, which installed a self-signed root
certificate that basically allowed anyone to issue
totally fake security certificates for any encrypted connection,
enabling very easy man-in-the-middle attacks. Among the
many, many, many stupid things about the way Komodia
worked, was that it used the same certificate on each
installation of Superfish, and it had an easily cracked password:
"komodia" which was true on apparently every product that
used Komodia. And researchers have discovered that a whole
bunch of products use Komodia, putting a ton of people at risk.
People have discovered at least 12 products that make use of
Komodia. [March 2015]
27. Methods
Social Engineering – via email
“hi I’m representing the estate of …”
“Please reply to receive your free….”
“I seem to have lost your … please get back to me”
“Hi, I’m Jane Doe, Vice President at <your bank>..”
But also
Leave a USB “thumbdrive”, or SD card in a coffee shop
Call up and ask for George
Tail gate into a facility
Date someone “inside”
Hoaxes- Pretends to warn you of a virus, or infection
Gets you to download Trojan horse “fix”
28. The Good stuff
Firewall – sits between your computer and the bad guys
Limits what can come in
Limits what goes out
Patches, updates
It is a pain when Microsoft/Apple triggers a download
followed by an install sequence ….
But, often this is to patch a security hole
Tools on your system
Anti virus scan; malware scan; adware scan
real time browser and email monitoring
Encryption - public/private keys – VPN
Sites with “HTTPS” are safer than sites with “HTTP”
Microsoft “defender” etc. is one tool from folks with a high
incentive to cover their liabilities
29. Day zero attacks
approximately 12 of 12 million attacks are Day Zero
each year - valued at $50k-500k
This means that “out of date” software is a primary
target (patches and updates!!)
There are folks all over the world watching for a
really “new” attack … US Government, Security
Vendors, white-hat hackers, major corporations
and of course bad guys
31. Phone Phreaking
In Band signaling – 2600 Hertz to get control
Blind youth with perfect pitch & control
Cap’n Crunch whistle
Blue Box technology – “The Woz”
“Hackers” – conventions with anonymous & Masks
Social engineering
Inspired Steve Wozniak – founder of Apple
Discovery Channel Documentary
The Secret History of Hacking (on YouTube)
32. History – KGB & Star Wars
<local 12min>
“The Cuckoo’s Egg” – Cliff Stoll and the KGB
- 75 cent error – 1986
- watched to observe “code insertion” and changing
of the accounting log
- Reported to “authorities”
Lawrence Livermore links to Starwars program
- Traced back to MITRE corp in Virginia
- Traced back to German University “Student”
- Funded by KGB!
Cliff is an interesting character, see his video on
Ted.com “18 minutes with an agile mind”
33. Robert Morris - 1988 Internet Worm
Used known entry points:
“-Debug” in email
overflow in “Finger” program
the on-system dictionary to break passwords
the on-system listing of neighboring ‘trusted’ systems
email propagation through user lists
No actual “damage” – a “proof of concept”
that got out of control
Irony: Robert Morris Sr. worked at NSA at the time
34. Rand Reports
Cyberwarfare scenario circa 1995 <no longer available>
Sequence of events
Including airliner attack (control system)
Wall Street attack
With
Nation States potentially involved
Terrorists
US Dissidents
and an outbreak of war in the middle east
35. Love Bug --
2000 LOVE-LETTER-FOR-YOU.txt.vbs
10’s of millions of infected computers
Billions of dollars of damage
Not illegal in Philippines where it was created
forwarded itself to first 50 folks on your Outlook email
list
YOU.txt.vbs --- .txt is a harmless “text file” extension
YOU.txt.vbs --- VBS is a potentially harmful executable
Windows defaults to “not show” known extensions
36. Kevin Mitnick
“Notorious” for breaking into Digital & other Computers
Often used default passwords (field service access)
Or easily broken codes
Looking for money – banks, industry
transfer to other accounts
Served a number of years in jail
Was not allowed access to computers
Fought restrictions after release
Now a computer security consultant
37. Oil data 2007 to 2009 --
Chinese “University” sources broke into the major US
Oil Firms
Downloaded data about the potential value of various
oil fields explored but not acquired, and
recommended acquisition bids
China subsequently bid to various countries for rights to
high value oil fields
Projected loss: billions of dollars of value &
access to key oil reserves
38. Upping the ante
Aurora proof of concept – 2007
(4 Minutes, CNN video)
“Standard” US (& other) Power station
Modem link to backup generator
Power cycled unit on/off --- “out of spec”
39. Car Hacking
Many modern cars have computers that “talk to the
world” (On-star) or added-on (Verizon Telematics
deal with Insurance Companies, “InDrive”) – and
computers that talk to your car (accelerator, brakes)
and these talk to each other, and may talk with
strangers.
(Didn’t your mother warn you about this?)
http://www.cbsnews.com/news/car-hacked-on-60-minutes/
Preview- DARPA Dan.mp4
My Insurance Co asserts “it is not hackable”
40. Why hack a car?
Forbes article pushback
It is very difficult
There isn’t repeatable money in it
Time, expertise and motive
Murder – hard to detect
Blackmail – what will my Insurance Co CEO do when
they get that call? (2,000 of your cars…..)
Terrorists – massive loss of car control will get blood on
the front page ….
41. War Stories
2013 probe of 3.7 billion systems (MIT Tech Review)
surfaces 310 million vulnerable
Bot scan of "entire" net in 2012
http://en.wikipedia.org/wiki/Carna_Botnet
• 1.3 billion IP addresses identified
• Used 420,000 devices (perhaps even your computer)
The Internet of Things will expand the number of
targets by thousands – most of which will be boring,
some of which will have 20+ year lifespans
43. Cyber warfare (ouch)
A problem of definition … with possible major impact
<local> (TED-ed video Defining Cyberwarfare - 3 min)
<local>“Cyberthreat”
(French with subtitles from ParisTEDx – 9min- Guy…)
Key points:
• Cyberwarfare has an imbalance – favoring attack
• “Reciprocal threats of surprise attack”
• NSA reported to be suggesting pre-emptive attacks
(not just cyber) if anticipating a cyber attack
44. Farewell Dossier
- 1986 Pipeline destruction
<DC Myth or real …(affirmed in TEDxParis talk)>
CIA found out Soviets were seeking sensor/control
units for a trans- Siberian pipeline
They provided units (indirectly) with a “timeout”
A number of explosions destroyed the pipeline
(NORAD thought it was a missile launch)
Contributed to economic collapse of Soviet Union
(along with Starwars Hoax, Solidarity and the Pope)
45. PROMIS
US DoD funded software to identify persons of interest
(oddly similar to FBI “Case File” fiasco in 2003)
Developed by ex-Government folks with a transition
from a “public domain” program to “copyright”
controlled program (leading to lawsuits)
Variants seemed to find their way to Israel
But then perhaps, Trojan horse variants, to other
countries (Soviets, Iran, et al)
46. Desert Storm 1990-94
Telephone repair team may have sabotaged Iraqi
communications systems
U.S. Special forces “upgraded” SAM anti-aircraft
batteries via stealth or social engineering
Fiber optic link across desert was compromised
Side observation – tank commanders downloaded
software updates for PC’s via cell phones in field
GPS accuracy was ‘shifted’ for non-military use
47. Information in warfare
5th domain (land, sea, air, space, cyber)
Cyber is 3rd major transition of war
Industrialization, Nuclear power, Cyber
Terrorist organizations & Rogue States
To Rogue actors
(Public health model coordination)
48. Estonia
April 27, 2007
Denial of service attacks on many areas of Estonian
Commerce
Banks
TV stations
Government agencies
Apparently from sources in Russia in response to
moving a memorial to Soviet troops
49. Georgia
5 August 2008, three days before Georgia launched its
invasion of South Ossetia,
• the websites for OSInform News Agency and
OSRadio were hacked – content was replaced by a
feed to the Alania TV
• Parliament of Georgia and Georgian Ministry of
Foreign Affairs websites were replaced by images
comparing Georgian president Mikheil Saakashvili to
Adolf Hitler
• Other attacks involved denials of service to
numerous Georgian and Azerbaijani websites
(Wikipedia)
50. Shockwave - “We were warned”
CNN/Bipartisan Institute Shockwave 2010
or Bipartisan Policy Institute Official Site
“Simulation” (war game) with some fairly recent
“Relevant” participants over a 4 hour period on CNN
51. Shockwave YouTube set
• Intro part 1 -- “March madness bot attack”
• Part 2: -- quarantine cell phones,
• Part 3: -- impacting internet
• Part 4: -- Russian servers
• Part 5: -- persons of interest in Sudan
• Part 6: -- power out
• Part 7: -- Federal authorities (power priorities)
• Part 8: -- Legal/liabilities,
• Part 9: -- conclusions, summary
Only a subset of the entire program sequence
52. Stuxnet
June 2009-July 2010 –
Wikipedia, Wired detectives, 2013 update
“The Real Story of Stuxnet” (IEEE Spectrum)
<Local> Langner TED Talk (11 min)
53. Stuxnet 1
The Human Factor - "always a weak link" –
thumb drive (replication vector as well)
valid signed certificate - public/private key encryption
This is non-trivial
appeared to involve industrial espionage -
stealing info from Siemens PLC controllers
in-memory ghost DLL file
report to systems in Malaysia and Denmark, and
provided for "updates"
(re-directed to "sinkhole" –
identified 100,000+ systems in dozens of countries)
54. Stuxnet 2
four zero day exploits - deeply hidden
[Symantec doing deep analysis in a "3 level secure
lab" similar to bio-hazard controls]
("crackme" games - reverse engineering code --
what does this do?)
contains a "genealogical tree" of infections –
led to 5 systems in Iran
table-driven code -- how long it should spread, # of
systems to infect, end-date: July 12, 2012
Intercepted and changed control commands,
disabled exception detection & alarms
55. Stuxnet 3
First occurrence of using a strictly digital attack to
destroy physical property
Two weeks after reporting PLC sabotage objectives,
the systems in Iran stopped reporting
Precision targeting for a specific facility/configuration
Patience -- then running a bit out of spec, and back to
normal -- excessive wear, resulting in premature
failure
Inoculation value - prevents infection of previously
flagged (registry) systems
56. Stuxnet 4
"In the end, Stuxnet’s creators invested years and perhaps
hundreds of thousands of dollars in an attack that was derailed
by a single rebooting PC, a trio of naive researchers who knew
nothing about centrifuges, and a brash-talking German who
didn’t even have an internet connection at home." Wired
May have had 2005 and 2007 precursors
"Acts that kill or injure persons or destroy or damage objects are
unambiguously uses of force” and likely violate international
law, according to the Tallinn Manual on the International Law
Applicable to Cyber Warfare, a study produced by a group of
independent legal experts at the request of NATO’s
Cooperative Cyber Defense Center of Excellence in Estonia."
Wired 2013
57. Stuxnet – the gift that keeps on giving
Flame – spy on activities (undetected precursor)
Bluetooth “rifle” connection from 2km away
Spoofed as a Windows 7 update
(Certificate counterfeit)
Duqu – designed to steal information from industrial
control systems
Gauss – steal files, credentials, targeting Lebanese
bank credentials
All found by Kaspersky in follow-up on Stuxnet
60. Passwords
Passwords – over-abused
“What is the value of this protection?”
for you or is it their marketing?
have a “don’t care” password (but use with care)
For serious stuff: 8+ characters, mix numbers and
punctuation, etc.
(some sites encrypt user names as well)
Don’t re-use your really important passwords!
Financial, Health, email (too many insights here)
61. Passwords– the challenge
With modern Graphics Processors (3,000+ parallel
computers on a chip, $1000) it is possible to “break”
dictionary word codes (100k words) in 1/10000th of a
second, 8 number/letter strings in 4 days, and
8 characters with punctuation in 75 days
Hilarie Orman suggests
• pass phrases: “worldinhishands”
• Random words: “correct horse battery staple house”
• Mangled phrases: “scoRe4&7annos”
She also discovered that her “basal ganglia” typos
yielded passwords she did not know but could
reproduce – just typing fast.
Quantum Computing can void all bets
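The arithmetic behind the slide is keyspace divided by guess rate. The Python below is an added example (not from the slides) that computes keyspace, entropy in bits and worst-case search time for the password styles discussed, including Hilarie Orman's random-word passphrases. The guess rate is a parameter you supply; the slide's own figures imply a particular GPU of the time, so treat any rate here as an assumption.

```python
import math

# Alphabet sizes used for the estimates; printable ASCII is 95 symbols.
ALPHABETS = {
    "digits only": 10,
    "digits + lowercase letters": 36,
    "digits + mixed-case letters": 62,
    "letters + digits + punctuation": 95,
}
SECONDS_PER_DAY = 86400


def keyspace(alphabet_size, length):
    """Number of distinct strings of the given length over an alphabet."""
    return alphabet_size ** length


def phrase_keyspace(dictionary_size, word_count):
    """Passphrase of randomly chosen dictionary words (order matters)."""
    return dictionary_size ** word_count


def entropy_bits(space):
    """Bits of entropy for a uniformly random choice from the space."""
    return math.log2(space)


def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second


def human_time(seconds):
    """Readable duration for the comparison table."""
    if seconds < 1:
        return f"{seconds * 1000:.3g} ms"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.3g} hours"
    days = seconds / SECONDS_PER_DAY
    return f"{days:.3g} days" if days < 3650 else f"{days / 365.25:.3g} years"


def compare(guesses_per_second):
    """Entropy and exhaustive-search time for several password styles at one assumed rate."""
    rows = {
        "one dictionary word (100k words)": phrase_keyspace(100_000, 1),
        "8 chars, digits + lowercase": keyspace(ALPHABETS["digits + lowercase letters"], 8),
        "8 chars, with punctuation": keyspace(ALPHABETS["letters + digits + punctuation"], 8),
        "5 random dictionary words": phrase_keyspace(100_000, 5),
    }
    return {
        name: (round(entropy_bits(space), 1), human_time(seconds_to_exhaust(space, guesses_per_second)))
        for name, space in rows.items()
    }


if __name__ == "__main__":
    # Assumed rate for the demonstration: one billion guesses per second.
    for name, (bits, duration) in compare(10**9).items():
        print(f"{name:36s} {bits:6.1f} bits  {duration}")
```

The table makes the slide's point quantitatively: a random five-word phrase from a 100k-word list carries about 83 bits, far more than an 8-character string with punctuation (about 53 bits), and it is the one you can actually remember. A phrase that is a well-known quotation does not get this credit, because it is one entry in a dictionary, not five independent picks.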
62. Biometrics
Biometrics include:
• Fingerprint scanning
• Retinal scan
• Face recognition
• Voice recognition
Germany’s “Chaos Computer Club” used a High-Def
camera photo of a politician at a public event and
extracted a fingerprint image that might be sufficient
for ID access
Social Engineering – bio systems “back off”, or angry
“customer” calls may result in unauthorized access
And of course– you can change your password, have
you tried to change your fingerprints?
63. Tokens
• USB stick with critical key
• Secondary access key
• Shared secrets: Mother’s maiden name, first pet, etc.
• SMS/Cell phone “one time key” … but:
65. Tools you want to use:
Firewall – watches & locks the doors in and out
16,000 doors in, 16,000 doors out (more on some)
Virus protection – scans and quarantines problem files
Microsoft security essentials (Windows Defender)
Email/browser (Internet) scanning
For viruses in downloads, for abnormal site activities
Spyware/Malware/adware detection
66. Backup
There are “automatic backup” operations – to a
physical device, to the cloud (e.g. Google Drive)
This is good protection against device failure
---
However, not against ransomware, or some other
viruses (that will impact both your primary and your
backup systems)
67. A ransom-ware resistant backup
Identify what files you REALLY need to keep
(you can reinstall most software after reinstalling your operating
system)
My candidates include: Photographs (digital ones are hard to replace); music
(pain to copy back on the system from original media, and financial data
(Quicken…)) …
For these items I suggest a 3-copy strategy
(of course a copy of all photos to write-once CD/DVD can be an excellent
quasi-permanent solution)
For example with a set of (3) 16GB memory sticks:
a) run your anti-virus and malware software
b) Insert oldest copy thumb drive and copy selected
files to this device (easiest if they are in folders)
c) Do this once a month, so you have 1mo/2mo/3mo
old backups (REMOVED from device)
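Steps b) and c) above are a three-generation rotation: always overwrite the stick holding the oldest copy, so the two newer copies survive if this month's source is already infected. The Python below is an added example of that rotation (not from the slides); the marker-file scheme, the folder names and the simulated months are assumptions for the demonstration, and step a) (the anti-virus scan) happens outside the script.

```python
import os
import shutil
import tempfile
import time


def last_backup_time(target):
    """Time stamp left on the stick by the previous run (0 if never used)."""
    marker = os.path.join(target, ".last_backup")
    try:
        with open(marker) as f:
            return float(f.read())
    except FileNotFoundError:
        return 0.0


def pick_oldest(targets):
    """Step b): the stick with the oldest copy is the one to overwrite."""
    return min(targets, key=last_backup_time)


def backup(selected_dirs, target, now=None):
    """Copy the folders you really need onto the target, replacing that stick's old copy."""
    now = time.time() if now is None else now
    copied = []
    for src in selected_dirs:
        dst = os.path.join(target, os.path.basename(os.path.normpath(src)))
        if os.path.isdir(dst):
            shutil.rmtree(dst)
        shutil.copytree(src, dst)
        copied.append(dst)
    with open(os.path.join(target, ".last_backup"), "w") as f:
        f.write(repr(now))
    return copied


def simulate_rotation(months=4):
    """Run the monthly procedure in a temporary directory and report which stick each month used.
    Three 'sticks' and a Photos folder are constructed here; nothing outside the temp dir is touched."""
    with tempfile.TemporaryDirectory() as root:
        photos = os.path.join(root, "Photos")
        os.makedirs(photos)
        with open(os.path.join(photos, "img001.jpg"), "wb") as f:
            f.write(b"constructed sample bytes, not a real image")
        sticks = [os.path.join(root, f"stick-{i}") for i in (1, 2, 3)]
        for stick in sticks:
            os.makedirs(stick)
        used = []
        for month in range(1, months + 1):
            target = pick_oldest(sticks)
            backup([photos], target, now=month * 30 * 86400)  # one simulated month apart
            if not os.path.exists(os.path.join(target, "Photos", "img001.jpg")):
                raise RuntimeError("copy failed")
            used.append(os.path.basename(target))
        return used


if __name__ == "__main__":
    print(simulate_rotation(7))
```

The protection comes from the stick being unplugged between runs (the REMOVED in step c); ransomware that encrypts whatever is mounted can only reach the one stick plugged in that day.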
68. Who you goin’a trust?
Walt Mossberg, prev. with WSJ.
http://allthingsd.com/author/walt/
Consumer Reports periodic evaluation of tools
June 2013 issue
PC Mag
http://www.pcmag.com/article2/0,2817,2372370,00.asp
69. Antivirus
PC Mag preferences (2013)
Free: AVG AntiVirus Free or Adaware AntiVirus
Paid: Bitdefender, Webroot SecureAnywhere Antivirus
or Kaspersky Anti-Virus
Consumer reports (6/2013):
Free: Avast and Avira
Paid: Gdata, ESET, F-Secure, Kaspersky, Avira
70. April 2014 Antidote Anecdote
Wife’s XP system got “The Memo” (XP support ends April 9
– no updates, no virus updates, expect trouble)
So, I updated and ran Windows Security Essentials
• “no problems found” (most recent update)
Installed AVAST “Free”
• Quick Run – one problem found
• Boot Run – 11 problems found
Installed Malwarebytes
• Circa 50 or so files and registry entries found
• (mysearchdial, myspeeddial, installon, rightstuff)
73. Mobile
Lookout and Avast suggested by Mossberg
Keep your Blue Tooth off when not needed
http://allthingsd.com/20121220/beware-of-malware-mobile-security-apps-to-safeguard-your-phone/
Mobile is the target for 2015 (IBM Projection)
[Wearables for 2016 – 7 Billion Cell Phones (14)
expecting 60 Billion wearables in 2017 …
Glass, Fitness, Earphone/mics, Cameras, ….]
75. Turn off things you don’t need
3rd party cookies (“mother may I”)
Images in email
Scripting
And Turn on things you may need to know
Beware of files with names like:
“Important.txt.exe”
the dual extension is a form of spoofing
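The dual-extension trick here and the LOVE-LETTER-FOR-YOU.txt.vbs case on the Love Bug slide are the same thing: the file manager hides the last extension, so the user sees a "text file" while the operating system sees a script. The Python below is an added example (not from the slides) that shows the displayed name next to the real extension and flags the pattern in a list of attachment names. The extension sets are a subset chosen for the demonstration, and the sample file names are constructed.

```python
import os

# Extensions Windows runs when a file is opened, and document-like extensions
# that serve as the decoy. Both sets are a subset chosen for this example.
EXECUTABLE_EXTENSIONS = {".exe", ".vbs", ".js", ".scr", ".bat", ".cmd", ".com", ".pif", ".ps1"}
DECOY_EXTENSIONS = {".txt", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".xls", ".mp3"}
KNOWN_EXTENSIONS = EXECUTABLE_EXTENSIONS | DECOY_EXTENSIONS


def true_extension(filename):
    """The extension the operating system actually acts on: the last one."""
    return os.path.splitext(filename)[1].lower()


def shown_name(filename, hide_known_extensions=True):
    """What a file manager shows when 'hide extensions for known file types' is on."""
    if hide_known_extensions and true_extension(filename) in KNOWN_EXTENSIONS:
        return os.path.splitext(filename)[0]
    return filename


def is_double_extension_spoof(filename):
    """True when a decoy document extension sits directly in front of an executable one."""
    base, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTENSIONS:
        return False
    return os.path.splitext(base)[1].lower() in DECOY_EXTENSIONS


def describe(filename):
    """Side-by-side view of what the user sees and what will actually run."""
    return {
        "name": filename,
        "shown_as": shown_name(filename),
        "really_is": true_extension(filename) or "(no extension)",
        "double_extension_spoof": is_double_extension_spoof(filename),
    }


def suspicious_attachments(filenames):
    """Filter a list of attachment names down to the double-extension ones."""
    return [name for name in filenames if is_double_extension_spoof(name)]


if __name__ == "__main__":
    # Constructed sample names; the first two are the ones the slides mention.
    for name in ["LOVE-LETTER-FOR-YOU.txt.vbs", "Important.txt.exe", "holiday.jpg", "setup.exe"]:
        print(describe(name))
```

The fix on the user's side is the one the slide implies: turn off "hide extensions for known file types" so the real extension is visible; on the mail server side, a filter like suspicious_attachments catches the pattern before the user ever sees the name.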
76. What does your browser know?
IP address
What site you came from
Operating environment (OS, plugins, extensions, device)
Cookies
“The Method”
SPAM (hire a SPAM-bot net)
Direct to website (Looks “good”, has exploit kit)
(kit detects versions of your tools, browser, Flash, OS, etc. –
picks a known weakness & injects …)
Downloader installed – which installs selected things
(Cryptolocker, DDOS, etc.)
77. Cookies
An identifier stored through your browser to maintain
page to page continuity
Contains “URL”, “timeout”, “identifier”
Any multi-page transaction requires one
Set (at least) when you log into a site
Can span logins (welcome back)
3rd party cookies (Doubleclick.com) etc
“tracking pixel/images”
Moving to a permanent user ID in Windows 8, iPhone,
etc. (may be able to turn it off)
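A cookie arrives as a Set-Cookie header carrying the name, the value (the "identifier"), an optional Domain, and an optional lifetime (the "timeout"). The Python below is an added example (not from the slides) that parses such headers, decides whether each cookie is first- or third-party relative to the page being visited, and flags the settings a defender checks for. The two headers and URLs are constructed, and the "last two labels" rule for what counts as the same site is a simplification (browsers use the Public Suffix List).

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split a Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def registrable_domain(host):
    """Crude 'site' approximation: the last two labels. An assumption for this
    example; real browsers consult the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def assess(cookie, page_url, set_by_url):
    """Classify a cookie relative to the page the user is on and flag weak settings."""
    attrs = cookie["attrs"]
    page_site = registrable_domain(urlsplit(page_url).hostname)
    domain = attrs.get("domain")
    cookie_host = domain if isinstance(domain, str) else urlsplit(set_by_url).hostname
    party = "first-party" if registrable_domain(cookie_host) == page_site else "third-party"

    # A Max-Age or Expires makes the cookie survive closing the browser ("welcome back").
    lifetime = "persistent" if ("max-age" in attrs or "expires" in attrs) else "session"

    warnings = []
    if "secure" not in attrs:
        warnings.append("no Secure flag: also sent over plain HTTP")
    if "httponly" not in attrs:
        warnings.append("no HttpOnly flag: readable by page scripts")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        warnings.append("SameSite not Lax/Strict: sent with cross-site requests (tracking)")
    return {"name": cookie["name"], "party": party, "lifetime": lifetime, "warnings": warnings}


# Constructed page and Set-Cookie headers: one set by the shop itself, one set
# by a tracking pixel loaded from an advertising domain.
PAGE = "https://shop.example.com/cart"
SAMPLES = [
    ("https://shop.example.com/cart",
     "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://pixel.ads.example.net/p.gif",
     "id=track-77; Domain=.ads.example.net; Path=/; Max-Age=31536000"),
]


def audit(page_url, samples):
    """Assess every (source URL, Set-Cookie header) pair seen while loading a page."""
    return [assess(parse_set_cookie(header), page_url, source) for source, header in samples]


if __name__ == "__main__":
    for result in audit(PAGE, SAMPLES):
        print(result)
```

The second sample is the "tracking pixel" case on the slide: a one-pixel image from an ad network sets a year-long identifier on a domain that is not the one in the address bar, which is exactly what the browser's third-party cookie setting blocks.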
82. And be careful of what you do
Social media is neat, but …
Facebook ID tied to “Like” bugs –
Movement to share login ID’s (and data)
Classic question: what ID should I use for ???
Assume your emails, postings, etc. are recorded
[Corporate and governmental]
Assume your search paths, words, downloads etc. are
monitored [corporate and governmental]
Advertising, profiling (private or governmental)
Check Apps for privileges they request
83. Is your camera taking pictures…
Q:
I was surprised to see updates for some of my favorite apps say they can
access my camera to take pictures or video at any time without my
permission. Can they really take pictures or video from my camera?
A:
I wouldn’t use any app that could trigger the camera without your
knowledge or at least implied consent each time. An app might
legitimately be using the camera for tasks like scanning bar codes or
business cards. But even so, it should be obvious and allow you to
decide what to do. And if the app is one that should never need the
camera, but says it wants to do so, don’t use it.
Apple says it flags and rejects apps that use the camera without stating
that the camera is part of the app’s functionality. Google doesn’t curate
apps in advance and apps’ disclosures are generally stated all at once
in a dense page at download.
http://allthingsd.com/20131022/sneaky-apps-and-quiet-tv-watching/?refcat=reviews
84. If things don’t seem right
Force a security/malware scan
(more than one tool may be wise)
Re-boot system
You can re-boot in “Safe Mode”
Holding down F8 while system starts
(Options: start with or without internet)
Folks like the GeekSquad have CDs they can use to
boot your system from CD to purge rootkits, etc.
Avira has tools for recovering if PC is dead, there is
also a thumbdrive tool that may help
Avast has “Boot version” you can run
86. Heartbleed Bug 2014
Is a vulnerability at the server side of the net
Until that side is fixed, your password/etc are at risk
Suggested response:
Sort your sites: critical ($/health), at risk (CC, bank info),
Don’t care (none of above, only have login to know
who you are)
Identify 1-2 password transitions for each class of sites
- apply approach 1 now (I suggest before May 1)
- apply approach 2 in 2-3 months (July)
Some changes you make “now” are still subject to
“discovery” ergo the two step changes
87. Encryption (encoding …)
Substitution codes such as:
send money => tfme.npofz
Single pad encryption – convert using text from some
arbitrary source, just once. If recipient has source,
then decrypt is easy
Public/Private key
keys involve products of two large prime numbers
(factoring primes is a key to breaking encryption)
88. Public/Private key encryption
Alice encrypts with her private key,
anyone can decrypt with her public key
John encrypts with Alice’s public key,
Only Alice can decrypt
Alice encrypts with her private key, then John’s
public key, only John can decrypt, and can use
Alice’s public key to confirm it is from Alice
“Certificate revocation” needed to declare
compromised private keys
89. 2014 attacks
Target
JP Morgan/Chase
Home Depot
Sony
Mostly after Credit Card data
Sold as “dumps” ($1/card from good sources)
China supplier now willing to sell beyond China
2015: Anthem, Hilton Honors,
90. Sony … “The Interview”
Not a “financial target” – political motivation
Obtained:
Corporate records (personnel – who gets paid what
and health care records)
Email archives (what does ??? Say about ???)
Actual “movie” files (ripe to rip)
Full list does not yet appear to be available
Companies don’t “get it” – hesitant to invest in quality
software, security procedures, 360 degree programs
[who cares about us??]
91. Steganography
Hiding messages by subtle manipulation of text,
images, video, music, etc.
Example from Sam Houston Univ:
"A study of religion must include the use of the shrines
important to the religious practice. One should also
consider how money is collected to support the religion.
Every drop of knowledge must be scrutinized."
Extra spaces can be inserted to select words:
"A study of religion must include the use of the
shrines important to the religious practice. One should
also consider how money is collected to support the
religion. Every drop of knowledge must be scrutinized."
In a picture or video you can make subtle changes to an image where
both parties hold the master for comparison …
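The extra-space trick above is easy to implement and just as easy to detect or destroy, which is the practical lesson. The Python below is an added example (not from the slides): it uses the Sam Houston cover text quoted on the slide, hides a constructed message (study, support, knowledge) by putting two spaces before each chosen word, recovers it, and then shows the defender's two moves, counting irregular spacing and normalising whitespace so the channel disappears without changing the visible text.

```python
import re

# The cover text is the example quoted on the slide; the hidden message below is constructed.
COVER = ("A study of religion must include the use of the shrines important to the "
         "religious practice. One should also consider how money is collected to "
         "support the religion. Every drop of knowledge must be scrutinized.")


def _bare(word):
    """Lower-case word with punctuation stripped, for matching."""
    return re.sub(r"\W", "", word).lower()


def hide(cover_text, message_words):
    """Mark each message word, in order, with a double space in front of it.
    The first cover word has nothing in front of it, so it can never be a marker."""
    words = cover_text.split()  # also normalises any existing odd spacing
    remaining = list(message_words)
    out = [words[0]]
    for word in words[1:]:
        if remaining and _bare(word) == remaining[0].lower():
            out.append("  " + word)
            remaining.pop(0)
        else:
            out.append(" " + word)
    if remaining:
        raise ValueError(f"cover text does not contain, in order: {remaining}")
    return "".join(out)


def reveal(stego_text):
    """Recover the hidden words: those preceded by exactly two spaces."""
    return [_bare(word) for word in re.findall(r"(?<=\S)  (\S+)", stego_text)]


def whitespace_anomalies(text):
    """Defender's check: ordinary prose has single spaces between words, so runs of
    two or more spaces inside a sentence are worth flagging."""
    return len(re.findall(r"(?<=\S) {2,}(?=\S)", text))


def normalise(text):
    """Collapse repeated spaces: destroys this channel without changing what the reader sees."""
    return " ".join(text.split())


if __name__ == "__main__":
    stego = hide(COVER, ["study", "support", "knowledge"])
    print(repr(stego))
    print("hidden words:", reveal(stego))
    print("anomalies before/after normalising:", whitespace_anomalies(stego), whitespace_anomalies(normalise(stego)))
```

Mail gateways and document converters that normalise whitespace wipe this kind of channel by accident, which is why the image-based variant mentioned at the end of the slide, where both parties hold a master copy for comparison, is the one that survives in practice.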
93. IBM Webinar: 2015 projections
• Mobile Exploit kits (buy a phone cracker)
• Frameworks & Services (we will infect software for
you – like that “free” version of Angry Birds …)
• Mobile Device Takeovers (Porta-zombies)
• Apple Pay (and other “payment” systems)
• Mobile Malware
• Biometric hacking (imitation, data base)
• EMV (chip & pin) credit cards => CNP attacks
(Card not present –oh gee, I forgot my Pin)
• Health Care attacks (CC @$1, Health record @
$30)
• Charge medications, services (“here is the bill for your baby”)
94. Anonymous
Outgrowth of 4chan – “BBS” community
Internet freedom – no censorship
<local> 2008 Scientology msg 3min
Physical Presence (world wide, hundreds)
Wikileaks – Mastercard/Amazon/PayPal
Arab Spring
Care packages (Ham radios, modems, …)
Relaying tweets, Facebook updates, etc.
All Channels – in the streets, dial in
denial of service, theft of data, …
95. Whats New(s) … recent events
NSA Data Center meltdown – Oct. 8th 2013 WSJ report
10 failures in last 13 months
“Chronic electronic surges”
Destroying $100,000’s of machinery
And delayed operations by 1+ years
New Bluffdale Utah site
Snowden Impact – bad guys know more about risks
96. Steganographic smuggling
IEEE Spectrum Nov 2013- “4 New Ways to Smuggle
Messages Across the Internet”
By: Wojciech Mazurczyk, Krzysztof Szczypiorski & Józef Lubacz
BitTorrent – control sequence of servers used
Skype – “empty packets” (voice pauses)
Google Suggest – “man in the middle” adding entries
WiFi packet padding – using pad bits
97. Tor
(previously TOR, an acronym for The Onion Router) is free software for enabling online anonymity. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than four thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.
From Wikipedia
Tor encryption devices/routers available for under $100 – plug in (and slow down) for increased privacy
(but beware of cookies, etc. that can still track you)
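How "directing traffic through relays" conceals the user, as an added example that is not part of the original slides and not Tor's real protocol: the client wraps its message in one encryption layer per relay, and each relay can peel only its own layer, learning just the next hop. The relay names, the fixed per-relay keys (Tor negotiates these in a handshake) and the HMAC-counter keystream are all constructed, toy stand-ins for this illustration.

```python
"""Constructed onion-routing toy: layered encryption where each relay learns
only the next hop. Not Tor's protocol or ciphers; added for illustration."""

import hashlib
import hmac
from typing import Dict, List, Tuple


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(key: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation for a keystream cipher."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


# Constructed directory: relay name -> symmetric key the client shares with it.
RELAY_KEYS: Dict[str, bytes] = {
    "relay-A": b"constructed-key-for-relay-A-0000",
    "relay-B": b"constructed-key-for-relay-B-0000",
    "relay-C": b"constructed-key-for-relay-C-0000",
}

NEXT_HOP_FIELD = 16  # bytes reserved for the next-hop name in every layer


def build_onion(path: List[str], destination: str, message: bytes) -> bytes:
    """Wrap `message` so that the relays in `path`, in order, each peel one layer.
    Plaintext layout of each layer: next-hop name (padded) || inner blob."""
    hops = path + [destination]
    blob = message
    for i in range(len(path) - 1, -1, -1):  # innermost (exit) layer first
        next_hop = hops[i + 1].encode().ljust(NEXT_HOP_FIELD, b"\0")
        blob = _xor(RELAY_KEYS[path[i]], next_hop + blob)
    return blob


def relay_peel(relay: str, blob: bytes) -> Tuple[str, bytes]:
    """What one relay does: strip its layer, read where to forward, pass the
    rest on. The inner blob is still ciphertext for every relay but the exit."""
    plain = _xor(RELAY_KEYS[relay], blob)
    next_hop = plain[:NEXT_HOP_FIELD].rstrip(b"\0").decode()
    return next_hop, plain[NEXT_HOP_FIELD:]


def route(path: List[str], destination: str, message: bytes) -> Tuple[List[Tuple[str, str]], bytes]:
    """Simulate the circuit; return (what each relay learned, what the exit delivers)."""
    blob = build_onion(path, destination, message)
    observations: List[Tuple[str, str]] = []
    for relay in path:
        next_hop, blob = relay_peel(relay, blob)
        observations.append((relay, next_hop))
    return observations, blob


if __name__ == "__main__":
    obs, delivered = route(["relay-A", "relay-B", "relay-C"], "example.org", b"GET / HTTP/1.0")
    for relay, nxt in obs:
        print(f"{relay} forwards to {nxt}")
    print(delivered)
```

The middle relay sees traffic arriving from relay-A and forwards it to relay-C; it never learns the client, the destination, or the content. That separation is the whole privacy argument, and also why the slide's caveat stands: anything the exit delivers in the clear, such as cookies, identifies you regardless of the path.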
98. Related considerations
Cryptocurrencies [SSIT Google Hangout to YouTube]
Bitcoin – anonymity and the net
• “like cash” – not traceable
• Nice for privacy
• Real nice for criminal activities
The Internet of Things (IoT)
Your car, your house (lock, security, heater …)
(now consider a ransomware attack – oh, you want to start your car? Unlock your house? …)
99. Bitcoin (thanks to IEEE Spectrum)
100. RFID
Radio Frequency Identification chip
“EZ Pass”
Mobile card “on the fly” (other credit cards)
US passports
Car keys
Hotel pass keys, access/ID card keys
Embedded in clothes/price tag/unpaid alert
Embedded in pets
Amal Graafstra’s hands
101. Operation Shady RAT
“networks were compromised by remote access tools — or RATs. These tools have legitimate uses for system administrators — give someone the ability to access a computer from across the country. In this case, however, they were secretly placed on the target systems, hidden from the eyes of users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.”
http://allthingsd.com/20110803/operation-shady-rat-the-biggest-hacking-attack-ever/
102. Prevention and path forward
How you get infected and what to do? <local> TED presentation (18 min) – James Lyne
Hire the hackers (TED, 18 min) <local> – profiles examples of hackers
Vaccination is a public health concern, not just a private issue --- that is, using a firewall and anti-virus protection is important for everyone, not just for your own system: an unprotected machine becomes a platform for attacks on others.
If you are not part of the solution, you are part of the problem.
103. Questions, answers, discussion, challenges
If you are not paranoid, you are not paying attention.
Editor's Notes
Tech Icons is AT&T interview channel
Security & Privacy Magazine; Sept/Oct 2013
Two free products also did well in testing. Ad-Aware Free Antivirus+ 10.5 detected 83 percent of the samples and earned 5.8 points; for a while that was the top score. AVG AntiVirus FREE 2014 detected fewer samples, 78 percent, but more thorough cleanup earned it an impressive 6.4 points. AVG and Ad-Aware are our current Editors' Choice products for free antivirus.