Paul Rosenzweig hosts the Medill National Security Journalism Initiative's Cyber Crime & Big Data Webinar -- 10-16-13. From Evanston, IL and Washington, DC. Hosted by NSJI's Ellen Shearer.
This document provides an overview of American national security policy between 1974-1980, covering the Ford and Carter administrations. It introduces key terms and events of the period and outlines the national security policies and innovations of each administration, including the Total Force Concept, SALT II, and the Carter Doctrine establishing defense of the Persian Gulf as a vital US interest. Major events of the period included the fall of South Vietnam, tensions in the Horn of Africa and Angola, and the Iranian hostage crisis.
A fighter aircraft is a military plane used to attack other aircraft rather than ground targets like bombers. Fighter aircraft are characterized as being small and highly maneuverable. During World War I, fighter aircraft had low engine power and were used to hunt enemy reconnaissance balloons. In World War II, fighter aircraft became more sophisticated with improved tracking and weaponry to intercept enemy planes.
The race is on
Clearly, Canadian executives are feeling that the race is on; but it remains to be seen whether they act quickly enough and with the right focus to effectively transform and evolve. Among our findings:
75 percent of CEOs agree that the next three years will be more critical to their industry than the previous 50 years;
74 percent of CEOs believe their company will remain largely the same in the next 3 years;
98 percent are concerned about the loyalty of customers;
13 percent feel confident that they are fully prepared for a cyber-event.
Cyber security lecture for University students, following and expanding on previously delivered presentation on Enterprise Security Incident Management. More in-depth, with the Security Incident lifecycle focus
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)ITCamp
The document discusses several common security myths and provides facts to debunk them. It addresses myths around the illusion of security provided by certain tools, the threat only coming from outside attackers, security being the sole responsibility of certain roles, and how completely trusting infrastructure, employees, and tools can be misplaced. It highlights statistics around the frequency and costs of data breaches. The document also demonstrates pass-the-hash and crack-the-hash attacks and provides resources for staying up-to-date on security best practices and reports.
This document discusses common information security myths. It identifies myths such as "It won't happen to me" and "We have physical security so your data is safe". The causes of these myths are identified as wishful thinking, a lack of understanding of risks, and a desire to pass blame. The document provides advice on debunking myths such as taking security requests seriously, performing risk analysis, and ensuring security purchases match data requirements rather than believing in magic solutions. In conclusion, the document explains that security myths often stem from human tendencies to overreact and desires for reality to match wishes.
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
This document provides a summary of a presentation given by Michael Coden and Pete MacLeod on October 7, 2014 about scaling industrial control system (ICS) cybersecurity. It discusses conducting an inventory of ICS assets at an oil and gas facility, comparing manual vs automated inventory methods. The presentation aims to illustrate how centralized OT cybersecurity automation can improve security, reduce time/costs for inventory and incident response, and help address skills shortages through centralization.
This document provides an overview of American national security policy between 1974-1980, covering the Ford and Carter administrations. It introduces key terms and events of the period and outlines the national security policies and innovations of each administration, including the Total Force Concept, SALT II, and the Carter Doctrine establishing defense of the Persian Gulf as a vital US interest. Major events of the period included the fall of South Vietnam, tensions in the Horn of Africa and Angola, and the Iranian hostage crisis.
A fighter aircraft is a military plane used to attack other aircraft rather than ground targets like bombers. Fighter aircraft are characterized as being small and highly maneuverable. During World War I, fighter aircraft had low engine power and were used to hunt enemy reconnaissance balloons. In World War II, fighter aircraft became more sophisticated with improved tracking and weaponry to intercept enemy planes.
The race is on
Clearly, Canadian executives are feeling that the race is on; but it remains to be seen whether they act quickly enough and with the right focus to effectively transform and evolve. Among our findings:
75 percent of CEOs agree that the next three years will be more critical to their industry than the previous 50 years;
74 percent of CEOs believe their company will remain largely the same in the next 3 years;
98 percent are concerned about the loyalty of customers;
13 percent feel confident that they are fully prepared for a cyber-event.
Cyber security lecture for University students, following and expanding on previously delivered presentation on Enterprise Security Incident Management. More in-depth, with the Security Incident lifecycle focus
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)ITCamp
The document discusses several common security myths and provides facts to debunk them. It addresses myths around the illusion of security provided by certain tools, the threat only coming from outside attackers, security being the sole responsibility of certain roles, and how completely trusting infrastructure, employees, and tools can be misplaced. It highlights statistics around the frequency and costs of data breaches. The document also demonstrates pass-the-hash and crack-the-hash attacks and provides resources for staying up-to-date on security best practices and reports.
This document discusses common information security myths. It identifies myths such as "It won't happen to me" and "We have physical security so your data is safe". The causes of these myths are identified as wishful thinking, a lack of understanding of risks, and a desire to pass blame. The document provides advice on debunking myths such as taking security requests seriously, performing risk analysis, and ensuring security purchases match data requirements rather than believing in magic solutions. In conclusion, the document explains that security myths often stem from human tendencies to overreact and desires for reality to match wishes.
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
This document provides a summary of a presentation given by Michael Coden and Pete MacLeod on October 7, 2014 about scaling industrial control system (ICS) cybersecurity. It discusses conducting an inventory of ICS assets at an oil and gas facility, comparing manual vs automated inventory methods. The presentation aims to illustrate how centralized OT cybersecurity automation can improve security, reduce time/costs for inventory and incident response, and help address skills shortages through centralization.
This document is a presentation on the increasing threat of cybercrime. It discusses the evolution of computers and some of the world's largest data breaches. It identifies key cybersecurity threats for 2013/2014, including the widespread use of new platforms like mobile devices and cloud computing, increasingly available exploit kits, and more sophisticated targeted attacks. The presentation concludes by profiling some infamous computer hackers and opening the floor for questions.
This document discusses cybersecurity risks in the oil and gas industry and provides recommendations to secure critical systems. It outlines three main aspects of oil and gas cybersecurity: operational technology security, enterprise application security, and connections security. It highlights vulnerabilities in common enterprise systems like SAP and connections between IT and operational technology. The document recommends conducting security assessments of enterprise and operational systems, protecting connections, and taking a holistic approach to minimize security risks across the industry.
This document proposes a cyber security model for cloud computing environments. It discusses key cloud concepts like service and deployment models. It then covers cyber security threats in cloud computing, including those originating from the host, between the customer and datacenter, and from virtual machines. The document also presents a mean failure cost approach to measure security and quantify risks through stakeholder, dependency, and impact matrices. Finally, it argues the model can support cloud business decisions by pricing security upgrades and assessing enhancement cost effectiveness.
PwC Point of View on Cybersecurity ManagementCA Technologies
During this session, participants will learn about PwC’s Cybersecurity Management framework that assists enterprises in identifying crown jewels, threats & risks in the environment, architectural gaps, and assists in building cyber resilience program.
For more information, please visit http://cainc.to/Nv2VOe
This document discusses the evolving cyber threat landscape and increasing cyber risks that organizations face. It notes that cyber attacks are becoming more frequent, sophisticated, and targeted. The document outlines several recent major cyber attacks including data breaches at Sony, Target, and Ashley Madison, as well as ransomware attacks and hacking incidents. It emphasizes that organizations need to adopt a proactive, intelligence-led approach to cyber security that includes red team exercises, assuming breaches will occur, and deploying security intelligence systems to detect threats early. The key is understanding adversaries and their tactics in order to adapt defenses accordingly.
The document discusses the importance of summarization for processing large amounts of text data. Automatic summarization systems aim to generate concise summaries that capture the key elements of the original text while removing unnecessary details. However, accurately summarizing documents while preserving meaning and avoiding introducing errors continues to be a challenging task for artificial intelligence.
Fighting The Top 7 Threats to Cloud CybersecurityDavid Zaizar
Data breaches are happening on an unprecedented scale, and the consequences of a breach occurring are not only extremely expensive, but can permanently damage a business's reputation. Guard against threats the right way – by knowing what these threats to cloud cyber security are.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
The document discusses the evolving cyber threat landscape and increasing risks posed by cyber attacks. It notes that cyber attacks are now the third largest risk facing corporations. Several high profile cyber attacks on companies like Target, Anthem, JP Morgan Chase, and Sony are summarized to illustrate the rising scale and impact of such incidents. The document advocates for a strategic, institution-wide approach to cyber security involving leadership, risk management, security operations, and resilience to protect against modern cyber threats. Threat intelligence and collaboration are also highlighted as important for effective cyber security.
This document provides an outlook on cyber security for 2016, highlighting key cyber attacks that occurred in 2015 and trends moving forward. Some of the major cyber attacks in 2015 included hacking of Uber and Apple accounts, an Amazon password reset, and data breaches at LinkedIn and Spotify. There was also a record-breaking 602Gbps DDoS attack against BBC and a leak of 25GB of user data from Ashley Madison. The document discusses challenges around security of industrial control systems and internet of things devices. It recommends building cyber resilience through improving cyber defenses, increasing human expertise and collaboration, and ensuring critical infrastructures have cyber security operation centers for compliance. The outlook predicts a focus on security of industrial control systems and critical infrastructure in
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalAccenture Technology
Organizations face a cyber crime wave that is increasing in intensity and sophistication. Business leaders must establish a holistic, end-to-end security strategy to protect the organization.
With mega-breaches like Anthem, OPM, IRS, Ashley Madison, UCLA Health and TalkTalk all within the past 12 months, chances are your data has been targeted. What does this mean for 2016?
Review this presentation and learn:
• Why cyber attacks continue to increase in sophistication, magnitude and velocity
• What trends will have the largest and smallest impact on cyber security in 2016
• Why cloud-based apps and the Internet of Things have transformed cyber security
• How you can protect your organization from attacks from the inside
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
This document is a presentation on the increasing threat of cybercrime. It discusses the evolution of computers and some of the world's largest data breaches. It identifies key cybersecurity threats for 2013/2014, including the widespread use of new platforms like mobile devices and cloud computing, increasingly available exploit kits, and more sophisticated targeted attacks. The presentation concludes by profiling some infamous computer hackers and opening the floor for questions.
This document discusses cybersecurity risks in the oil and gas industry and provides recommendations to secure critical systems. It outlines three main aspects of oil and gas cybersecurity: operational technology security, enterprise application security, and connections security. It highlights vulnerabilities in common enterprise systems like SAP and connections between IT and operational technology. The document recommends conducting security assessments of enterprise and operational systems, protecting connections, and taking a holistic approach to minimize security risks across the industry.
This document proposes a cyber security model for cloud computing environments. It discusses key cloud concepts like service and deployment models. It then covers cyber security threats in cloud computing, including those originating from the host, between the customer and datacenter, and from virtual machines. The document also presents a mean failure cost approach to measure security and quantify risks through stakeholder, dependency, and impact matrices. Finally, it argues the model can support cloud business decisions by pricing security upgrades and assessing enhancement cost effectiveness.
PwC Point of View on Cybersecurity ManagementCA Technologies
During this session, participants will learn about PwC’s Cybersecurity Management framework that assists enterprises in identifying crown jewels, threats & risks in the environment, architectural gaps, and assists in building cyber resilience program.
For more information, please visit http://cainc.to/Nv2VOe
This document discusses the evolving cyber threat landscape and increasing cyber risks that organizations face. It notes that cyber attacks are becoming more frequent, sophisticated, and targeted. The document outlines several recent major cyber attacks including data breaches at Sony, Target, and Ashley Madison, as well as ransomware attacks and hacking incidents. It emphasizes that organizations need to adopt a proactive, intelligence-led approach to cyber security that includes red team exercises, assuming breaches will occur, and deploying security intelligence systems to detect threats early. The key is understanding adversaries and their tactics in order to adapt defenses accordingly.
The document discusses the importance of summarization for processing large amounts of text data. Automatic summarization systems aim to generate concise summaries that capture the key elements of the original text while removing unnecessary details. However, accurately summarizing documents while preserving meaning and avoiding introducing errors continues to be a challenging task for artificial intelligence.
Fighting The Top 7 Threats to Cloud CybersecurityDavid Zaizar
Data breaches are happening on an unprecedented scale, and the consequences of a breach occurring are not only extremely expensive, but can permanently damage a business's reputation. Guard against threats the right way – by knowing what these threats to cloud cyber security are.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
The document discusses the evolving cyber threat landscape and increasing risks posed by cyber attacks. It notes that cyber attacks are now the third largest risk facing corporations. Several high profile cyber attacks on companies like Target, Anthem, JP Morgan Chase, and Sony are summarized to illustrate the rising scale and impact of such incidents. The document advocates for a strategic, institution-wide approach to cyber security involving leadership, risk management, security operations, and resilience to protect against modern cyber threats. Threat intelligence and collaboration are also highlighted as important for effective cyber security.
This document provides an outlook on cyber security for 2016, highlighting key cyber attacks that occurred in 2015 and trends moving forward. Some of the major cyber attacks in 2015 included hacking of Uber and Apple accounts, an Amazon password reset, and data breaches at LinkedIn and Spotify. There was also a record-breaking 602Gbps DDoS attack against BBC and a leak of 25GB of user data from Ashley Madison. The document discusses challenges around security of industrial control systems and internet of things devices. It recommends building cyber resilience through improving cyber defenses, increasing human expertise and collaboration, and ensuring critical infrastructures have cyber security operation centers for compliance. The outlook predicts a focus on security of industrial control systems and critical infrastructure in
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalAccenture Technology
Organizations face a cyber crime wave that is increasing in intensity and sophistication. Business leaders must establish a holistic, end-to-end security strategy to protect the organization.
With mega-breaches like Anthem, OPM, IRS, Ashley Madison, UCLA Health and TalkTalk all within the past 12 months, chances are your data has been targeted. What does this mean for 2016?
Review this presentation and learn:
• Why cyber attacks continue to increase in sophistication, magnitude and velocity
• What trends will have the largest and smallest impact on cyber security in 2016
• Why cloud-based apps and the Internet of Things have transformed cyber security
• How you can protect your organization from attacks from the inside
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
How Barcodes Can Be Leveraged Within Odoo 17Celine George
In this presentation, we will explore how barcodes can be leveraged within Odoo 17 to streamline our manufacturing processes. We will cover the configuration steps, how to utilize barcodes in different manufacturing scenarios, and the overall benefits of implementing this technology.
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...TechSoup
Whether you're new to SEO or looking to refine your existing strategies, this webinar will provide you with actionable insights and practical tips to elevate your nonprofit's online presence.
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Cyber Crime & Big Data Webinar -- 10-16-13
1. Cyber Crime & Big Data
Paul Rosenzweig
www.paulrosenzweigesq.com
www.redbranchconsulting.com
2. The Scope of the Loss
• UK -- £27 billion/year (Detica) (2010)
• World -- $1 trillion/year (McAfee) (2009)
• Commission on the Theft of American Intellectual Property --
$300 billion/year (2013)
• Another way of looking at it:
• Top 45 US companies average $5.6 million/year (2011) in
cybersecurity losses from an incident, up from $3.8 million in 2010
(Ponemon Institute)
• Conclusion: Direct monetary loss is very significant but
not overwhelming
3. RBN -- HISTORY
• An internet service provider, run by criminals for criminals,
founded as early as 2004
• Allegedly created by “Flyman,” a 20-something programmer to
be the nephew of a well-connected Russian politician
• Initial activity was legal (though not exactly civic-minded)
• Provides URLs, dedicated servers and software – an evil
version of Comcast combined with Home Depot
4. SERVICES OFFERED
• “Bulletproof” servers ($600/month)
• Highly effective malware ($380 per 1,000 targets)
• Rentable bots ($200 per bot)
• Free technical support, patches, updates and fixes
5. WHY SO SUCCESSFUL?
• Better than a real job
• Professionalism
• Protection from the Kremlin?
6. Greatest Hits
• 2005-2006 “Rock phish” nets $150 million for participants
• 2007 Mpack/Bank of India : All users’ account info stolen
•
•
•
•
via keystroke logging malware; no download necessary
(!)
2007 Russia-Estonia incident
2008 Russia-Georgia Conflict
2009 Citibank*
2012(?) Operation Blitzkreig??
7. Connecting the Dots -- Starting
with 2 Known Terrorists in US
WATCH LIST: CIA/INS/FBI POSSIBLE TERRORISTS IN THE US:
On or before August 23rd, 2001, Nawaq Alhamzi and Khalid Al-Midhar
added to INS watchlist
MAKE PLANE RESERVATIONS USING SAME NAMES:
On or about August 25, 2001, Khalid Al-Midhar purchases cash ticket
for American Airlines flight #77 scheduled for September 11, 2001
On or about August 27, 2001, Nawaq Alhamzi books a flight on
American Airlines flight #77 scheduled for September 11, 2001
8. American Airlines Flight 77
American Airlines Flight 11
Target - Pentagon
Target - North Tower of World Trade Center
Nawaq Alhamzi
Salem Al-Hazmi
Khalid Al-Midhar
Hani Hanjour
Mohamed Atta
Majed Moqed
Waleed Alshehri
Target - Unknown
Target - South Tower of World Trade Center
Saeed Alghamdi
Ahmed Alghamdi
Ahmed Al Haznawi
Fayez Ahmed
Ziad Jarrah
Mohand Alshehri
Hamza Alghamdi
Satam Al Suqami
United Airlines Flight 93
United Airlines Flight 175
Marwan Al-Shehhi
Abdulaziz Alomari
Wail Alshehri
Ahmed Alnami
9. Address Connections
RESERVATIONS MADE WITH ADDRESS #1 AND ADDRESS #2
On or about August 25, 2001, Khalid Al-Midhar makes a reservation on
American Airlines flight #77 scheduled for September 11, 2001 using
Common Address #1
On or about August 27, 2001, Nawaq Alhamzi books flight on
American Airlines flight #77 scheduled for September 11, 2001 using
Common Address #2
ADDRESSES ARE USED BY THREE (3) ADDITIONAL PASSENGERS
Mohamed Atta has reservation on American Airlines flight #11
scheduled for September 11, 2001 using Common Address #1 as a
contact address
Marwan al-Shehhi has reservation on United Airlines flight #175
scheduled for September 11, 2001 using Common Address #1 as a
contact address
Salem Alhamzi has reservation on American Airlines flight #77
scheduled for September 11, 2001 using Common Address #2 as a
contact address
10. American Airlines Flight 77
American Airlines Flight 11
Target - Pentagon
Target - North Tower of World Trade Center
Nawaq Alhamzi
Salem Al-Hazmi
Khalid Al-Midhar
Hani Hanjour
Mohamed Atta
Majed Moqed
Abdulaziz Alomari
Wail Alshehri
Waleed Alshehri
Satam Al Suqami
5 are Identified
United Airlines Flight 175
United Airlines Flight 93
Target - South Tower of World Trade Center
Target - Unknown
Ahmed Alghamdi
Marwan Al-Shehhi
Mohand Alshehri
Fayez Ahmed
Hamza Alghamdi
Saeed Alghamdi
Ahmed Al Haznawi
Ziad Jarrah
Ahmed Alnami
11. Phone Number Connections
ONE (1) ALERTED PASSENGER MAKES RESERVATION USING
COMMON TELEPHONE NUMBER
On or about August 28, 2001, Mohamed Atta uses
Florida Telephone #1 as a contact number when making reservations on
American Airlines flight #11 scheduled for September 11, 2001
NUMBER IS USED BY FIVE (5) ADDITIONAL PASSENGERS
On or about August 26, 2001, Waleed Alshehri and Wail Alshehri make
reservations on American Airlines flight #77 scheduled for September
11, 2001 using Florida Telephone #1 as a contact number
On or about August 27, 2001, reservations for electronic, one-way
tickets were made for Fayez Ahmed and Mohand Alshehri for United
Airlines flight #175 using Florida Telephone #1 as a contact number
On or about August 28, 2001, Abdulaziz Alomari reserves a seat on
American Airlines flight #11 using Florida Telephone #1 as a contact
number
12. American Airlines Flight 77
American Airlines Flight 11
Target - Pentagon
Target - North Tower of World Trade Center
Nawaq Alhamzi
Salem Al-Hazmi
Khalid Al-Midhar
Hani Hanjour
Mohamed Atta
Majed Moqed
Abdulaziz Alomari
Wail Alshehri
Waleed Alshehri
Satam Al Suqami
10 are Identified
United Airlines Flight 175
United Airlines Flight 93
Target - South Tower of World Trade Center
Target - Unknown
Ahmed Alghamdi
Marwan Al-Shehhi
Mohand Alshehri
Fayez Ahmed
Hamza Alghamdi
Saeed Alghamdi
Ahmed Al Haznawi
Ziad Jarrah
Ahmed Alnami
13. Frequent Flyer Connections
ONE (1) ALERTED PASSENGER MAKES RESERVATION USING A
FREQUENT FLYER NUMBER
On or about August 25, 2001, Khalid Al-Midhar makes a reservation on
American Airlines flight #77 scheduled for September 11, 2001 using
Frequent Flyer #1
FREQUENT FLYER NUMBER IS USED BY ONE (1) ADDITIONAL
PASSENGER
On or about August 25, 2001, Majed Moqed makes a reservation on
American Airlines flight #77 scheduled for September 11, 2001 using
Frequent Flyer #1
14. American Airlines Flight 77
American Airlines Flight 11
Target - Pentagon
Target - North Tower of World Trade Center
Nawaq Alhamzi
Salem Al-Hazmi
Khalid Al-Midhar
Hani Hanjour
Mohamed Atta
Majed Moqed
Abdulaziz Alomari
Wail Alshehri
Waleed Alshehri
Satam Al Suqami
11 are Identified
United Airlines Flight 175
United Airlines Flight 93
Target - South Tower of World Trade Center
Target - Unknown
Ahmed Alghamdi
Marwan Al-Shehhi
Mohand Alshehri
Fayez Ahmed
Hamza Alghamdi
Saeed Alghamdi
Ahmed Al Haznawi
Ziad Jarrah
Ahmed Alnami
15. Public Record Connections
PUBLIC RECORDS
Alerted subjects Nawaq Alhamzi and Khalid Al-Midhar lived with Hani
Hanjour
Alerted subject Wail Ashehri was roommates and shares PO Box with
Satan Al Suqami
16. American Airlines Flight 77
American Airlines Flight 11
Target - Pentagon
Target - North Tower of World Trade Center
Nawaq Alhamzi
Salem Al-Hazmi
Khalid Al-Midhar
Hani Hanjour
Mohamed Atta
Majed Moqed
Abdulaziz Alomari
Wail Alshehri
Waleed Alshehri
Satam Al Suqami
13 are Identified
United Airlines Flight 175
United Airlines Flight 93
Target - South Tower of World Trade Center
Target - Unknown
Ahmed Alghamdi
Marwan Al-Shehhi
Mohand Alshehri
Fayez Ahmed
Hamza Alghamdi
Saeed Alghamdi
Ahmed Al Haznawi
Ziad Jarrah
Ahmed Alnami
17. Remaining Connections
WATCH LIST: INS ILLEGAL/EXPIRED VISAS
On or about August 29, 2001, Ahmed Alghamdi reserves an electronic oneway ticket on United Airlines flight #175 scheduled for September 11, 2001
FIVE (5) ADDITIONAL PASSENGERS:
Alerted subject Ahmed Alghamdi and Hamza Alghamdi both use same
address on their airline reservations
Alerted subject Hamza Alghamdi has/does live with Saeed Alghamdi,
Ahmed Alhaznawi, Ahmed Alnami
Alerted subject Ahmed Alhaznawi lives/lived with Ziad Jarrah
18. American Airlines Flight 77
American Airlines Flight 11
Target - Pentagon
Target - North Tower of World Trade Center
Nawaq Alhamzi
Salem Al-Hazmi
Khalid Al-Midhar
Hani Hanjour
Majed Moqed
Mohamed Atta
Abdulaziz Alomari
Wail Alshehri
Waleed Alshehri
Satam Al Suqami
All 19 are Identified!
United Airlines Flight 175
United Airlines Flight 93
Target - South Tower of World Trade Center
Target - Unknown
Ahmed Alghamdi
Marwan Al-Shehhi
Mohand Alshehri
Fayez Ahmed
Hamza Alghamdi
Saeed Alghamdi
Ahmed Al Haznawi
Ziad Jarrah
Ahmed Alnami
19. All 19 via 7 “Clicks”
Khalid Al-Midhar
Majed Moqed
Mohamed Atta
Waleed Alshehri
Marwan Al-Shehhi
Wail Alshehri
Satam Al Suqami
Fayez Ahmed
Nawaq Alhamzi
Salem Al-Hazmi
Mohand Alshehri
Ahmed Alghamdi
Hani Hanjour
Abdulaziz Alomari
Saeed Alghamdi
Hamza Alghamdi
Ahmed Alhaznawi
Ziad Jarrah
Ahmed Alnami
22. Privacy is dead. Get over it.
– Scott McNealy, Sun
MicroSystems CEO (1999)
23. End of Practical Obscurity
Dept. of Justice v. Reporters Committee, 489 U.S. 749 (1989)
Denial of FOIA request for “rap sheet” of suspected Mafia don upheld
“Plainly there is a vast difference between the public records that might be
found after a diligent search of courthouse files, county archives, and local
police stations throughout the country and a computerized summary located
in a single clearinghouse of information”
“The privacy interest in maintaining the practical obscurity of rap-sheet
information will always be high”
Contrast that with the operation of Acxiom, Experian,
ChoicePoint or Lexis/Nexis, today.
Private companies that “harvest” public records for its own database
Birth records, credit records, convictions, real estate, liens, bridal registries,
kennel club records, etc. etc. etc.
Notably, most (though not all) such records are of
governmental origin
24. Guess What This Is …
Facebook Break-Up Data
Holiday Stress
Spring Break
April Fools
Mondays
Summer Vacation
Xmas –
“Too Cruel”
25. Passenger Name Record (PNR)
Typical Data Elements
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
PNR record locator code
Date of reservation
Date(s) of intended travel
Name
Other names on PNR
Address
All forms of payment information
Billing address
Contact telephone numbers
All travel itinerary for specific PNR
Frequent flyer information (miles flown,
address)
Travel agency
Travel agent
Code share PNR information
Travel status of passenger
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
Split/Divided PNR information
Email address
Ticketing field information
General remarks
Ticket number
Seat number
Date of ticket issuance
No show history
Bag tag numbers
Go show information
OSI information *
SSI/SSR information *
Received from information
All historical changes to the PNR
Number of travelers on PNR
Seat information
One-way tickets
Any collected APIS information
ATFQ fields
* Restricted field
26. Keeping A Future Terrorist Out of the United States
Situation
DHS uses a sophisticated data assessment
program called the Automated Targeting System
(ATS) to perform risk assessments on those who
seek to enter the United States
Roughly 411 million people attempt to enter the U.S.
annually; nearly 91 million come to the U.S. by air
ATS allows DHS’ Customs and Border Protection
(CBP) to connect the dots to foil potential terrorist
plots by denying entry to would-be terrorists
Action
June 14, 2003: a Jordanian named Raed al-Banna,
carrying a valid business visa on his Jordanian
passport, tries to enter the U.S. at O’Hare Airport
His data is run through ATS; CBP is wary of his
travel habits and takes him to secondary screening
CBP gleans that al-Banna has been living in the
U.S. since 2001 and illegally working petty jobs
A CBP officer takes al-Banna’s photograph and
fingerprints, and he is deported soon there after
Result
February 28, 2005: al-Banna rams a car filled with
explosives into a crowd of military and police
recruits in the Iraqi town of Hillah, killing more than
125
His hand and forearm are found inside the
smoldering vehicle handcuffed to the steering wheel
The attack remains one of the deadliest suicide
bombings in Iraq since the inception of the war
Raed al-Banna
The CBP officer who deported al-Banna said, “I was shocked. That it was so close
to home, that I actually interviewed someone who not only was capable of doing
but actually did something like that. You never know who you are interviewing or
what they are capable of doing.”
Case# 0000016
2005/03/01
www.dhs.gov
26
27.
28.
29. The “Right” to Privacy
No Constitutional right to protect records held by third parties
Bank records -- U.S. v. Miller, 425 U.S. 435 (1973)
Phone toll records – Smith v. Maryland, 442 U.S. 735 (1979)
Common law right?
Warren & Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890-1891)
"The common law secures to each individual the right of determining, ordinarily, to what
extent his thoughts, sentiments, and emotions shall be communicated to others.”
Not historically applicable against the government
Such “rights” as we have are therefore creatures of statute
Privacy Act of 1974
E-Government Act of 2002
Our Privacy Laws Are Out of Date And Do Not Match The
Technology Or The Need
29
30. Mossad in Dubai
“The Murder of Mahmoud alMabhouh,”February 2010
http://video.gulfnews.com/services/player/bc
pid4267205001?bckey=AQ~~,AAAAAFv965
0~,tQKIhooE6H7bm0EXwcdF0fKpVqjAuia&bctid=66672644001
“Bulletproof” hosting, also known as “bulk-friendly hosting” that enables users to circumvent applicable laws in their country of origin.At one point maintained that accusations leveled against them were slander.
Possibility for computer science grads to earn 10x what they would in Russia and twice as much as they would in WestSophisticated phishing: MalwareAlarm.com, a site operated by the RBN, at one point averaged 2 million US users per monthMalware functions perfectly
Users tricked into entering personal financial info