Implications and response to
large security breaches
SYR IST 323 class lecture
David Strom
Slides available here:
http://slideshare.net/davidstrom
1
Who am I?
• Long time IT B2B trade press journalist
• Actually hired Molta in a weak moment
• Started numerous print and Web pubs, wrote two computer networking books
2
Cynical corporate view:
3
Agenda
• A review of the more recent, larger breaches
• Questions to ask for post-breach analysis
• What are some IT security lessons learned
• Where to find breach info for your case studies
4
Yahoo!
• Three separate reported breaches from 2013, 2014 and 2016, with millions of accounts leaked
• Using MD5 hashes: not state of the art, and not salted either
• Long persistent attack that lasted years
• Yahoo Account Key -- zero factor auth!
• CISO-of-the-month club: not cool
• Russian FSB officers criminally charged in Mar.
5
6
7
Vera Bradley Stores
8
Hookup site breaches
• Ashley Madison (7/15): 30M users revealed
– Passwords using bcrypt easily cracked
– Analysis revealed most female accounts fake
• AdultFriendFinder (11/16): 415M accounts
– Including previously deleted accounts, retained in the format “email@address.com@deleted1.com”
– Password hashes using SHA1 easily cracked
9
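The Yahoo and AdultFriendFinder slides both blame unsalted MD5/SHA1 password storage. The following Python is an added example, not from the deck: it puts that storage pattern beside a salted, iterated hash and shows the audit check that tells the two apart on a credential table. Every account, password and word-list entry is constructed.

```python
"""Added example, not from the slide deck: the unsalted MD5/SHA1 password
storage blamed on the Yahoo and AdultFriendFinder slides, beside a salted,
iterated scheme, plus the audit check that tells them apart.
Every account, password and word-list entry here is constructed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

# Constructed sample accounts; alice and bob happen to share a password.
USERS = {
    "alice@example.com": "Summer2016!",
    "bob@example.com": "Summer2016!",
    "carol@example.com": "correct horse battery staple",
}


def legacy_hash(password: str, algo: str = "md5") -> str:
    """The weak pattern from the slides: one fast, unsalted digest per password.
    Identical passwords always give identical digests, so a single lookup
    table built from common passwords covers every user at once."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 600_000) -> str:
    """Salted, iterated alternative. The record carries the algorithm,
    iteration count and per-user salt so it can be verified and later
    upgraded in place. The high iteration count makes each guess slow."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def shared_password_groups(table: Dict[str, str]) -> List[Set[str]]:
    """Audit check over a stored-credential table: accounts whose stored
    values are byte-identical. A group larger than one means the store is
    unsalted (or salts are reused); with per-user salts every group is a singleton."""
    by_value: Dict[str, Set[str]] = {}
    for user, stored in table.items():
        by_value.setdefault(stored, set()).add(user)
    return [users for users in by_value.values() if len(users) > 1]


def weak_password_audit(table: Dict[str, str], wordlist: List[str],
                        algo: str = "md5") -> Dict[str, str]:
    """For an unsalted table, one digest per word is enough to test every
    account at once; this is why the leaked MD5/SHA1 tables were 'easily
    cracked'. Returns the accounts whose password is in the constructed list."""
    lookup = {legacy_hash(word, algo): word for word in wordlist}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


if __name__ == "__main__":
    legacy = {u: legacy_hash(p) for u, p in USERS.items()}
    print("unsalted MD5 groups:", shared_password_groups(legacy))
    print("word-list hits:", weak_password_audit(legacy, ["password", "Summer2016!"]))
    salted = {u: pbkdf2_hash(p) for u, p in USERS.items()}
    print("salted PBKDF2 groups:", shared_password_groups(salted))
    print("alice verifies:", pbkdf2_verify("Summer2016!", salted["alice@example.com"]))
```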
Dailymotion (10/16), 85M accounts
• Only 20% of the records have any password associated, and those were hashed properly
10
11
E-Sports Entertainment Association
(12/16, 1.5M users)
12
Potomac Healthcare Solutions
13
NAS Leaks: Stewart Airport, Ameriprise
Financial Services
14
Three Mobile (UK cell provider)
15
Arby’s
• 1000 restaurants
• 355k customer card records leaked
• Started 10/16
• Long time to acknowledge the breach
16
17
Questions for post-breach analysis
• Did the company describe the breach in plain language?
• Did they precisely indicate what happened and who was affected?
• Did they constructively suggest a solution?
• Can non-IT people understand what to do next to protect their personal info?
• Has anything IT-related changed as a result?
18
19
20
Home Depot breach
• Symantec Endpoint Protection installed, BUT
– No Network Threat Protection module active
• No point-to-point encryption for payments
• POS systems running WinXP Embedded, BUT
– Not secure and not the most recent OS
• No vulnerability management program active
• Flat network topology shared by POS systems and PCs
• No management of third-party vendor authentication credentials
21
22
23
24
25
Lessons learned
• How to craft breach notification messages and campaigns
– Exact dates, times and places
– Provide lots of other details
– Include follow-up contact info for concerned customers
• When to notify the public and customers
– The sooner the better. Days matter.
26
More lessons
• How to explain the specifics of the breach
– What data was stolen, both customer and corporate
– How to prevent this from happening again
– Make it easy for customers to find this out
• What to do personally
– Don’t use your real birthday on social networks
– Don’t reuse passwords, really
27
28
Where to get breach news
• Naked Security/Sophos
• The Intercept (but with a bucket of salt)
• SANS.org (for tech info, training classes)
• Threatpost
• MacKeeper/Chris Vickery
• LeakedSource (notification and data dumps)
• And of course, Inside Security!
29
“Carder” website example
30
31
32
33
34


Editor's Notes

  1. V3 add Nrian photo on rescator page
  2. http://dilbert.com/strip/2016-04-18
  3. https://www.wired.com/2017/03/yahoo-hack-russia-indictment/
  4. https://help.yahoo.com/kb/account/SLN27925.html?impressions=true
  5. In October 2016 Vera Bradley reported that card data of customers who paid by credit card between July and September had been leaked. Only purchases in physical stores were affected; online was not hit. The company has 150 stores around the world. http://www.darkreading.com/attacks-breaches/vera-bradley-stores-report-payment-card-breach/d/d-id/1327173
  6. A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts, including millions of supposedly deleted accounts. This number refers to the entire customer databases of several dating sites, including Cams.com, Penthouse.com and other sites. The attack happened at around the same time as one security researcher, known as Revolver, disclosed a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on their web server. The data does not appear to contain sexual preference data, unlike the 2015 breach, however. Comments were swift. “This is ten times worse than the Ashley Madison hack. Wait for a raft of class-action lawsuits,” says KnowBe4. The company verified that its servers were vulnerable. LeakedSource revealed that the company did not properly encrypt its users’ data. The company stored user passwords in plainly visible format, or with the very poor SHA1 hashes that were easily cracked. The deleted emails were retained in this format: “email@address.com@deleted1.com”, which is curious and obviously intentional. -- ZDNET
  7. DailyMotion had more than 80 million of their account IDs and passwords exposed. Only a fifth of these accounts had passwords and they were fortunately encrypted. The company admitted the breach in a blog post.  http://blog.dailymotion.com/2016/12/06/8886/ Leaked Source obtained the data file. 
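Notes 6 and 7 contrast passwords stored as plain text or bare SHA1 with passwords "encrypted properly". The difference is what a leaked hash column gives away. The script below is an added illustration written for this page, not code from the lecture or from any of the companies named: it builds a tiny store of constructed sample accounts (no real breach data) two ways, with unsalted SHA1 and with a salted, slow hash. PBKDF2-HMAC-SHA256 stands in for bcrypt here only because it ships with the Python standard library; the account names, passwords and iteration count are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os
from typing import Iterable, List, Optional, Tuple

# Constructed sample credentials for the demonstration; not data from any breach.
SAMPLE_ACCOUNTS: List[Tuple[str, str]] = [
    ("alice@example.com", "Summer2016!"),
    ("bob@example.com", "Summer2016!"),       # same password as alice
    ("carol@example.com", "correct-horse-battery"),
]

# PBKDF2 work factor (assumed value): tune so one hash costs ~100 ms on your hardware.
ITERATIONS = 200_000


def legacy_sha1(password: str) -> str:
    """Unsalted SHA1, the weak scheme the notes describe.

    It is fast and deterministic: equal passwords give equal hashes, and a table of
    precomputed hashes of common passwords checks every account in one pass.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash. Returns (salt, digest); store both, the salt is not secret.

    A fresh random salt per user means equal passwords no longer produce equal
    digests, and every guess has to be recomputed per account.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def duplicate_hash_count(hashes: Iterable[object]) -> int:
    """Number of stored hashes that are copies of another one.

    With an unsalted scheme this equals the number of users sharing a password
    with someone else, so a leak of the hash column alone exposes password reuse.
    """
    items = list(hashes)
    return len(items) - len(set(items))


def build_legacy_store(accounts: Iterable[Tuple[str, str]]) -> dict:
    """email -> unsalted SHA1 hex digest (the weak layout)."""
    return {email: legacy_sha1(pw) for email, pw in accounts}


def build_salted_store(accounts: Iterable[Tuple[str, str]]) -> dict:
    """email -> (salt, PBKDF2 digest) (the proper layout)."""
    return {email: hash_password(pw) for email, pw in accounts}


if __name__ == "__main__":
    legacy = build_legacy_store(SAMPLE_ACCOUNTS)
    salted = build_salted_store(SAMPLE_ACCOUNTS)
    print("duplicates visible with unsalted SHA1 :", duplicate_hash_count(legacy.values()))
    print("duplicates visible with salted PBKDF2:", duplicate_hash_count(d for _, d in salted.values()))
    salt, digest = salted["alice@example.com"]
    print("alice login with right password :", verify_password("Summer2016!", salt, digest))
    print("alice login with wrong password :", verify_password("Winter2016!", salt, digest))
```

Run it as a script: the legacy store shows one duplicate (alice and bob share a password) while the salted store shows none, and only the correct password verifies. The iteration count is the knob that makes offline guessing expensive; raise it as hardware gets faster, and prefer bcrypt, scrypt or Argon2 from a maintained library in production.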
  8. Hackers shut down a Finnish heating system thanks to a DDoS-based DNS attack.  At least two housing blocks in the city of Lappeenranta were affected and confirmed by the facilities management company. The issue was no firewall and using public IP addresses of the HVAC management systems that could be easily reached by the hackers. When the company tried to reboot their systems, they needed more than a week to get computers back online since the attack also denied remote access to the systems. Luckily, outdoor temperatures weren’t critical. Researchers at IBM found that many building automation systems suffer from a range of security issues, from weak authentication and authorization controls to vulnerable administrative web interfaces used to provide remote access. -- https://securityledger.com/2016/11/lets-get-cyberphysical-ddos-attack-halts-heating-in-finland/ http://metropolitan.fi/entry/ddos-attack-halts-heating-in-finland-amidst-winter    
  9. E-Sports Entertainment Association is one of the largest competitive video gaming communities on the planet. They were hacked in December 2016 and a database containing 1.5 million player profiles was compromised. A full timeline of events has been posted to the E-Sports website, and LeakedSource confirmed the leak described in that post. While passwords were encrypted, other information was not and could be used in follow-on attacks. Hackers demanded a ransom payment of $100k, but E-Sports did not comply. – http://www.csoonline.com/article/3155397/security/esea-hacked-1-5-million-records-leaked-after-alleged-failed-extortion-attempt.html
  10. A Pentagon contractor has accidentally leaked more than eleven gigabytes of data, including individuals’ names, locations, Social Security numbers, salaries, and assigned units. This comes from Chris Vickery, a security researcher with MacKeeper, who wrote about it last December. The data comes from the military’s Special Operations Command, which had no user name or password protection on the database that was leaked from the Potomac Healthcare Solutions site. After Vickery called Potomac, the information was still available an hour later. “It shouldn’t take over an hour to contact your IT guy and fix this,” he said. Eventually, the information was removed. – https://mackeeper.com/blog/post/314-special-ops-healthcare-worker-breach
  11. Sometimes you have security researchers that specialize in a particular product with weak controls. This is the Buffalo TeraStation network attached storage. Essentially, it is a hard drive with a network connection, and software that allows you to make backups to an Internet site. The problem is that these backups are often maintained in the clear – without any password protection – and it is easy to find them if you know what you are looking for. That is exactly what MacKeeper’s Chris Vickery figured out in two separate incidents: one reported on in February at Stewart Airport, in downstate New York, and one involving an office from Ameriprise Financial. The airport leak involved 700 GB that sat out on the Internet for a year after the IT manager opened a firewall port and forgot to protect his data. The data includes everything from sensitive TSA letters of investigation to employee social security numbers, network passwords, and 107 gigabytes of email correspondence. https://mackeeper.com/blog/post/334-extensive-breach-at-intl-airport The Ameriprise leak inadvertently exposed hundreds of investment portfolios, worth tens of millions of dollars. In this case, the NAS drive was at the home of one of their advisors. Amusingly, one of the pieces of the leaked data is a confidential memo in which Ameriprise asks its advisors “Do you keep your backup computer records (i.e. hard drive, memory stick, etc.) at a location other than your office?”, to which the possible answers are “Yes”, “No”, and “N/A – (select this option if you are using an online solution)”. https://mackeeper.com/blog/post/310-ameriprise-data-breach
  12. While this could be the largest breach of the year in terms of numbers, Three Mobile, one of the UK's biggest mobile phone operators, has been breached. Supposedly the personal information and contact details of six million of its customers have been exposed, which is about two-thirds of the company’s overall customers. Hackers used an employee’s login credentials to gain entry. The reason for the breach was simple theft: the company confirmed around 400 cases in which fraudsters had stolen high-value phones through burglaries, and other devices had already been illegally obtained by tracking which customers were eligible for upgrades. Three people have been arrested so far. http://thehackernews.com/2016/11/3-mobile-uk-hacked.html And recently, another technical glitch exposed new customer info: https://www.theguardian.com/business/2017/mar/20/three-mobile-possible-data-breach-data-usage-call-history
  13. Data from more than 1,000 corporate-owned Arby’s fast food restaurants was compromised, resulting in personal information stolen from at least 355,000 customers’ credit and debit cards. Sources suggest the breach is estimated to have occurred between Oct. 25, 2016 and January 19, 2017. https://krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-breach/
  14. http://download.schneider-electric.com/files?p_Reference=SEVD-2016-288-01&p_EnDocType=Technical%20leaflet&p_File_Id=4837908514&p_File_Name=SEVD-2016-288-01+Unity+Simulator.pdf https://www.indegy.com/blogs/new-scada-vulnerability-enables-remote-control-of-ics-networks/ Schneider Electric's Unity Pro is SCADA controller software that manages millions of controllers around the world; it is in every single control network that this company sells. Here is the notification to its customers.
  15. http://www.networkworld.com/article/3011735/security/review-best-password-managers.html
  16. An example of a carder website is Rescator shown here. As you can see, the site has full search capabilities based on the type of stolen credit card you are searching for.  
  17. https://krebsonsecurity.com/2017/03/google-points-to-another-pos-vendor-breach/ Uses a photo of Brian Krebs to lend authenticity to the login page of Rescator. Source of POS malware used in many of these retail attacks, including CiCi’s
  18. http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
  19. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  20. https://oag.ca.gov/ecrime/databreach/report-a-breach