This document discusses identity theft and provides an overview of protection methods. It begins by defining identity theft as the compromise and fraudulent use of personal data like date of birth, social security number, financial information, and contact details. It then evaluates criminal methodologies such as hacking, malware, keyloggers, and phishing scams that thieves use. Finally, it considers protective solutions like firewalls, antivirus software, endpoint security, and using cloud services to secure systems and monitor unauthorized data transfers.

2. Who am I?
Who am I?
• Well over 30 years in telecom
• 26 years in the Naval Air Reserve
• Top Secret clearance
• Responsible for proper operation of all in‐flight
Responsible for proper operation of all in flight
communication and navigation equipment
• Former Central Region Adtran, AFC Territory Sales Manager
• L
Long time member of the MNTA and NDTA organizations
ti b f th MNTA d NDTA i ti
• Project manager – County oif Sacramento telecom project
• Visiting faculty at DePaul University in Chicago
• Founder of SimpleTel, Inc. – manufacturer’s representative

3. The ABC’s
of
f
Identity Th ft
Id tit Theft
Part One in a multi part series of overviews on Disaster
Part One in a multi‐part series of overviews on Disaster
Avoidance, Business Continuity and Disaster Recovery

4. Objectives
• Security Overview
• Define “identity theft”
• Evaluate criminal methodologies
Evaluate criminal methodologies
• Consider “protective” solutions
Consider protective solutions

12. During the 2nd half of 2008,
g ,
70 of the top 100 websites
were found to have been
were found to have been
compromised or contained
links to malicious sites.
links to malicious sites

13. Interesting information…
• 25 million new strains of malware are
presented in just one year
• 23 new malware samples per minute
• Banker trojans make up 66% of all malware
• 95% of the bits and bytes sent across the
95% of the bits and bytes sent across the
internet consists of “unstructured” data
• PDF
• JPG/GIF
• MPEG
SOURCE: Infoweek TechWeb Webcast of 2/17/2010

14. Interesting information (cont)…
The most alarming sources of malware
attacks come from:
• Social Networking @ 31%
• Web sites @ 29%
• Email @ 17%
SOURCE: Infoweek TechWeb Webcast of 2/17/2010

15. Interesting information (cont)…
• Facebook receives 15 million requests for
service PER SECOND
• 49 % of companies polled allow their staff
to access Facebook
to access Facebook
What happens when Facebook
What happens hen Facebook
becomes a tool of evil people
SOURCE: Infoweek TechWeb Webcast of 2/17/2010

16. Potential Threat Vectors…
• Web site attacks on browsers
• Social networks
Social networks
• Email accounts
• Wireless access points

17. “Vectors” of choice…
“ ” f h i

18. A new site to watch (or not)…
• Reported in Sunday’s New York Times
CHATROULETTE
Only three months old and has grown to
Only three months old and has grown to
tens of thousands of users

20. A recent Oracle survey…
• Security threats are poorly understood
• 33% of those polled stated identity theft
was a potential barrier to online purchasing
• 42% were worried that personal details
might be intercepted
might be intercepted
• 30% stated they didn’t trust web site
security measures

21. Fringe sites…
The problems only
p y
occur after the user
decides to click the
link!

22. Identity Th ft
Id tit Theft

23. Identity theft in its simplest
y p
form is the compromise and
use of your personal data
use of your personal data
for the purpose of
committing a fraudulent
committing a fraudulent
act.

24. • It isn’t about credit card receipts
• It doesn’t always come from those
unsolicited credit card company invitations
li i d di d i i i
• It doesn’t happen from people looking
It doesn t happen from people looking
over your shoulder at the ATM

25. What they want…
• DOB
• SSN/National ID number
/
• Online banking information
• Email address and passwords
• Mailing address
• Telephone number

26. Why they do it…
• Access to your bank accounts
Access to your bank accounts
• Access to your credit card accounts
y
• Use of your personal data to secure
credit
• Use of your personal data to obtain
Use of your personal data to obtain
fraudulent identification papers

27. Criminal
Methodologies
g

28. Cybercrime today has solid roots in
Romania, Bulgaria and Russia.
Their “take” amounts to hundreds
of thousands of dollars per day.

33. • IP Address
• Email Address
Email Address
• Facebook

35. How they do it…
• Overt “hacking”
• Malware
• Key loggers
Key loggers
• Phishing/scam emails
g/

36. Hacking
• Remote access of private areas of the company
Remote access of private areas of the company
server environment
Primarily access over the web
1) access into the company home page
2) access into sensitive files areas
• Unlawful or malicious removal of sensitive
information
Internal/local access
Internal/local access
1) USB drives
2) CD burners
3) Rogue wireless devices
)

38. Three forms of
“malware”…
“malware”
• Trojans
• Worms
• Viruses

39. How malware propagates…
“botnet” is a term associated primarily with the
negative aspects of malware distribution, though
negative aspects of malware distribution, though
botnets are often used in research as a collection of
computers all working simultaneously on a given
problem.

40. One Support Website
One Pharmacy
Billions of One Merchant Account
Messages
10-15 Unique Site
Designs
100’s Web
1,000’s URLs Servers
10,000’s Message
100,000’s Zombies Variants

41. Spotting malware activity…
• Malware morphs
• IRC ffi i
IRC traffic increases across the common ports
h
• Increases in antivirus file changes
Increases in antivirus file changes
• Outbound SMTP traffic increases
• Host file modification

42. Key Loggers
Beware!
These executables have the ability
to record ALL your password
entries and then send them off to a
entries and then send them off to a
specific address without you
knowing it.
knowing it.

43. “Phishing” and scam emails
Emails that solicit the recipient to
divulge key information in order to
gain access to specific data.

45. What looks
“innocent”
really isn t.
really isn’t.
Would you
provide this
provide this
information
to a
stranger?

46. So, do you
think this
looks
official and
legitimate?

48. The problems only
The problems only
occur when the user
decides to click the
link!

49. Protection
Options
p

50. 10 typical security mistakes…
• Sending sensitive date in an unencrypted e‐mail
• Using “security” questions whose answers are
easily discovered
easily discovered
• Imposing password restrictions that are too strict
• Letting vendors define “good security”
• Underestimating req ired sec rit e pertise
Underestimating required security expertise
• Underestimating the importance of review
• Overestimating the importance of secrecy
• Requiring easily forged identification
• Unnecessarily reinventing the wheel
• Giving up the means of your security in exchange
Giving up the means of your security in exchange
for a feeling of security

51. 10 Wi‐fi i f R d W i i
10 Wi fi tips for Road Warrioirs …
• Turn off the wi‐fi clients when not in use
• Verify that the SSID actually represents the
provider’s wi‐fi network
• Make sure that a software firewall is running on
Make sure that a software firewall is running on
your laptop
• Disable Window’s file and printer sharing
• Avoid sensitive online transactions when using
Avoid sensitive online transactions when using
open wi‐fi networks
• Keep you laptop’s OS up to date
• Secure any personal, banking, or credit card details
• Use secure and anonymous web surfing techniques
• Use VPN technology when necessary
Use VPN technology when necessary
• Use remote access applications for security

52. Anti‐virus update…
• Symantec (Norton) will leave the business
• McAfee is strengthening its position
• Kaspersky Labs could be the next best
• EMC/RSA i i i h
EMC/RSA is winning huge projects
j
• Sendio Barracuda Red Condor AVG etc
Sendio, Barracuda, Red Condor, AVG, etc…

53. Protection methods…
• Firewall
• Resident Antivirus app Individual
• Spyware/Malware app
• Endpoint sec rit
Endpoint security
Corporate
• Forensics

54. Firewalls…
Whitelisting and Blacklisting

55. Firewalls…

56. Resident antivirus protection…
• SPAM filtering/elimination
• BOT/Malware detection
BOT/Malware detection
• Cookies, Adware, etc…
Filtering by Contact DB
Filtering by content

58. Spybot . . . “bot” detection & elimination

59. Secunia . . . One method is not enough

60. Endpoint
security is
used to
control,
t l
secure and
monitor all
monitor all
methods of
data transfer

61. Using the “cloud”…

62. The solution can be on
premise or in the “cloud”…
i i th “ l d”
• Premise‐based solutions
Premise based solutions
• Cloud‐based solutions

63. Your individual solution requires a
“blended” approach…
blended approach…
• Your firewall
• Some sort of hardware or software “monitor”
Your corporate solution requires a
Your corporate solution requires a
“blended” approach as well…
• Your firewall
• Some sort of hardware or software “monitor”
• Endpoint security with forensics

64. The problems only
The problems only
occur when the user
occur when the user
decides to click the
link!

65. Business Continuity
and
Disaster Recovery
Part Two in a multi part series of overviews on Disaster
Part Two in a multi‐part series of overviews on Disaster
Avoidance, Business Continuity and Disaster Recovery

66. Compliance: HIPAA,
HITECH, PCI,
Sarbanes-Oxley
Sarbanes Oxley
Part Three in a multi part series of overviews on Disaster
Part Three in a multi‐part series of overviews on Disaster
Avoidance, Business Continuity and Disaster Recovery

67. Larry Pyrz
SimpleTel, Inc.
SimpleTel, Inc.
www.simpletel.biz
larry@simpletel.biz
773‐728‐3315
Larry Pyrz
@larrypyrz
Larry Pyrz