Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University...
Rev2/28/2011 © 2011 Maze & Associates 3
Pervasive By Nature
Social Tech
Private
Life
Work
Family
School
Rev2/28/2011 © 2011 Maze & Associates 4
Social Tech Issues
Rev2/28/2011 © 2011 Maze & Associates 5
M
• Marketing
• Brand Protection
• Customer
Relations
HR
• Hiri...
MARKETING & BRANDING USES
Rev2/28/2011 © 2011 Maze & Associates 6
Brand Protection - Concerns
• Fear of losing control
• Fear of losing customers
• Fear of losing money
• Fear of customers...
Brand Issues
Rev2/28/2011 © 2011 Maze & Associates 8
Monitor Social Media for your Brand
Rev2/28/2011 © 2011 Maze & Associates 9
Social Shopping
Rev2/28/2011 © 2011 Maze & Associates 10
How to get started
• Social Technology
– The train has left the building, are you on it?
• Get informed
• Get help (techni...
Marketing
• Manger's Guide to Social Media
– by Scott Klososky
• The FaceBook Era
– by Clara Shih
• Facebook Marketing: An...
Establish Brand in Social Media
Rev2/28/2011 © 2011 Maze & Associates 13
Market Saturation
Rev2/28/2011 © 2011 Maze & Associates 14
Integration
Your
Website
Facebook
Twitter
LinkedIn
Other
Rev2/28/2011 © 2011 Maze & Associates 15
Deceptive Marketing
Rev2/28/2011 © 2011 Maze & Associates 16
Endorsements
• If you are being paid to endorse a product, you
must make that clear to consumers.
Rev2/28/2011 © 2011 Maze...
HUMAN RESOURCES USES
Rev2/28/2011 © 2011 Maze & Associates 18
Social Media Uses in HR
• The use of social media outside of
personal lives has increased and
continues to increase
• Conc...
http://www.ajc.com/news/barrow-teacher-fired-over-733625.html
Rev2/28/2011 © 2011 Maze & Associates 20
http://www.dailyfinance.com/story/media/facebook-spying-costs-canadian-woman-her-health-benefits/19250917/
Rev2/28/2011 © ...
Rev2/28/2011 © 2011 Maze & Associates 22
http://smallbiztrends.com/2009/09/social-media-background-checks.html
Horns of a dilemma
• If employers use social media to do
background checks on employees
– The company is open to discrimin...
Horns of a dilemma
• If employers don’t use social media to do
background checks on employees
– The company is open to neg...
Use of Social Media at Work
• Does your company have a social media
policy?
• How much time do employees use social
media?...
PERSONAL USES
Rev2/28/2011 © 2011 Maze & Associates 26
Computer Security: Malware
Rev2/28/2011 © 2011 Maze & Associates 27
Online Privacy
• Do you have control of what is posted?
• Not all fame is good!
• People use anonymity to post stuff
about...
Information about you online
• Do I have control of
what is posted about
me?
• Look yourself up!
• All but one of these
is...
Sony Play Station Network Breach
Rev2/28/2011 © 2011 Maze & Associates 30
SOCIAL MEDIA & POLITICS
Rev2/28/2011 © 2011 Maze & Associates 31
Elections
Rev2/28/2011 © 2011 Maze & Associates 32
Social Media and Politics
Rev2/28/2011 © 2011 Maze & Associates 33
IDENTITY THEFT
Rev2/28/2011 © 2011 Maze & Associates 34
Social Media (Web 2.0)
 Services are extremely popular and useful
 Almost a must today, (if you are not in, you are
out)...
Online Privacy
• Would you invite
a stranger into
your house to
look at your
children's photo
album?
• Public v. Private
•...
Situation
• Why does someone want your
personal information?
– In an information age information
becomes a commodity
– Inf...
What is PII
• Personally Identifiable Information
– Name and account number
– Name and social security number
– Name and a...
ID Theft vs. ID Fraud
• “Identity fraud," consists mainly of
someone making unauthorized charges
to your credit card.
• “I...
• March 20th 2001, MSNBC reported the first
identity theft case to gain widespread public
attention
• Thief assumed the id...
ID Theft & Fraud
• PII exposed by others (Data Breaches)
• PII exposed by ourselves (online & others)
• Malware (Spyware, ...
What do they do with stolen IDs?
Rev2/28/2011 © 2011 Maze & Associates 42
Drug Trafficking and ID Theft
Meth users see mail theft and check washing as a low risk
way to pay for their habit.
The sa...
FTC 2009 Stats
• Top counties with ID theft
– Solano County 18 out of 375
• Average per victim loss
– $10,000
• Total comp...
HOW MIGHT YOU EXPOSE YOUR
PII
Rev2/28/2011 © 2011 Maze & Associates 45
Watch what you put online
Rev2/28/2011 © 2011 Maze & Associates 46
http://www.youtube.com/watch?v=Soq3jzttwiA
Can someone use what you post
against you?
Rev2/28/2011 © 2011 Maze & Associates 47
P2P (Peer to Peer file sharing)
• Napster used to fit in this category
• Used to ‘share’ computer files
• Legal issues wit...
HOW BAD GUYS MIGHT GET
YOUR PII
Rev2/28/2011 © 2011 Maze & Associates 49
Malware
• Malware (Viruses, Worms, Spyware,
etc…)
– 1999 Melissa, Kevin Mitnick,
– 2000 Mafiaboy, DoS Assault,
– 2001 Code...
Viruses
• In the past they were primarily
destructive
• Today they focus on stealing information
• Using your computer as ...
Phishing: Internet Fraud
• Oldest trick in the book,
there are examples in the
1500s
• One particular fraud is called
the ...
Rev2/28/2011 © 2011 Maze & Associates 53
Phishing Example
Rev2/28/2011 © 2011 Maze & Associates 54
Spyware
Rev2/28/2011 © 2011 Maze & Associates 55
Cell Phone Spyware
Rev2/28/2011 © 2011 Maze & Associates 56
http://www.youtube.com/watch?v=uCyKcoDaofg
http://news.rutgers...
Physical theft
• Dumpster diving
• ATM – Credit Card skimming
• Mailbox
• Home Break-in
Rev2/28/2011 © 2011 Maze & Associa...
Close to Home
Rev2/28/2011 © 2011 Maze & Associates 58
“Lock Bumping”
http://cbs11tv.com/seenon/Bump.Key.Safety.2.499252.html
Rev2/28/2011 © 2011 Maze & Associates 59
ATM Skimming
Rev2/28/2011 © 2011 Maze & Associates 60
http://www.youtube.com/watch?v=m3qK46L2b_c
Credit Card Skimming
Rev2/28/2011 © 2011 Maze & Associates 61
Credit Card Skimming Stats
TOP MERCHANT GROUPS
RESTAURANTS
GAS
HOTELS
CAR RENTALS
ALL OTHER
SOURCE: CALIFORNIA RESTAURANT ...
Credit Card Skimming Stats
BY MERCHANT LOCATIONS
CALIFORNIA
FLORIDA
NEW YORK
NEW JERSEY
TEXAS
MEXICO
ILLINOIS
ALL OTHER
SO...
HOW OTHERS MIGHT EXPOSE
YOUR PII
Rev2/28/2011 © 2011 Maze & Associates 64
How others might expose your PII
• Data Breach
– Lack of security on the part of businesses
– Organization may post inform...
Sony PlayStaion Network Breach
Rev2/28/2011 © 2011 Maze & Associates 66
Public Records
Rev2/28/2011 © 2011 Maze & Associates 67
“The federal government is the
biggest offender.”
Paul Stephens
Pr...
Others losing your ID
4.2 million customer card transactions were compromised by hackers
Rev2/28/2011 © 2011 Maze & Associ...
Unknown Exposure
Rev2/28/2011 © 2011 Maze & Associates 69
Top 10 Largest Breaches*
Records Date Organizations
130,000,000 2009-01-20 Heartland Payment Systems
94,000,000 2007-01-17...
Repeat Offenders*
Company Number of
Reported Breaches
LPL Financial 12
Nationwide 11
Equifax 11
Experian 11
Blue Cross 10
...
Sony Root kit
• Sony, in its efforts to preserve control
over its product, installed root kits on
consumers computers
• Co...
Social Media Security 2011
Upcoming SlideShare
Loading in …5
×

Social Media Security 2011

3,429 views

Published on

2011 Cyber Security & Social Technology
Marketing & Branding Uses
Human Resources Uses
Personal Uses
Social Media & Politics
Identity Theft

Published in: Social Media, Technology
  • Be the first to comment

Social Media Security 2011

  1. 1. Donald E. Hester CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+ Director, Maze & Associates University of San Francisco / San Diego City College www.LearnSecurity.org | www.linkedin.com/in/donaldehester | www.facebook.com/LearnSec | www.twitter.com/sobca DonaldH@MazeAssociates.com
  2. 2. Rev2/28/2011 © 2011 Maze & Associates 3
  3. 3. Pervasive By Nature Social Tech Private Life Work Family School Rev2/28/2011 © 2011 Maze & Associates 4
  4. 4. Social Tech Issues Rev2/28/2011 © 2011 Maze & Associates 5 M • Marketing • Brand Protection • Customer Relations HR • Hiring • Personnel Management P • Privacy • Identity • Home/Work
  5. 5. MARKETING & BRANDING USES Rev2/28/2011 © 2011 Maze & Associates 6
  6. 6. Brand Protection - Concerns • Fear of losing control • Fear of losing customers • Fear of losing money • Fear of customers speaking up • Avoiding social media – Fear of the unknown – Thinking it is a fade • Not understanding social media • How will you measure impact Rev2/28/2011 © 2011 Maze & Associates 7
  7. 7. Brand Issues Rev2/28/2011 © 2011 Maze & Associates 8
  8. 8. Monitor Social Media for your Brand Rev2/28/2011 © 2011 Maze & Associates 9
  9. 9. Social Shopping Rev2/28/2011 © 2011 Maze & Associates 10
  10. 10. How to get started • Social Technology – The train has left the building, are you on it? • Get informed • Get help (technical and soft skills) • Develop a social media marketing strategic plan • Create short term goals • Execute and Adapt Rev2/28/2011 © 2011 Maze & Associates 11
  11. 11. Marketing • Manger's Guide to Social Media – by Scott Klososky • The FaceBook Era – by Clara Shih • Facebook Marketing: An Hour a Day – by Chris Treadaway and Mari Smith • New Rules of Marketing and PR – by David Meerman Scott • The Zen of Social Media Marketing: An Easier Way to Build Credibility, Generate Buzz, and Increase Revenue – by Shama Kabani and Chris Brogan Rev2/28/2011 © 2011 Maze & Associates 12
  12. 12. Establish Brand in Social Media Rev2/28/2011 © 2011 Maze & Associates 13
  13. 13. Market Saturation Rev2/28/2011 © 2011 Maze & Associates 14
  14. 14. Integration Your Website Facebook Twitter LinkedIn Other Rev2/28/2011 © 2011 Maze & Associates 15
  15. 15. Deceptive Marketing Rev2/28/2011 © 2011 Maze & Associates 16
  16. 16. Endorsements • If you are being paid to endorse a product, you must make that clear to consumers. Rev2/28/2011 © 2011 Maze & Associates 17 http://www.ftc.gov/opa/2009/10/endortest.shtm
  17. 17. HUMAN RESOURCES USES Rev2/28/2011 © 2011 Maze & Associates 18
  18. 18. Social Media Uses in HR • The use of social media outside of personal lives has increased and continues to increase • Concern that potential employers will misconstrue what is seen • Used for monitoring current employees • Used for screening job applicants – Employees see it as a good way to “get to know” the applicant Rev2/28/2011 © 2011 Maze & Associates 19
  19. 19. http://www.ajc.com/news/barrow-teacher-fired-over-733625.html Rev2/28/2011 © 2011 Maze & Associates 20
  20. 20. http://www.dailyfinance.com/story/media/facebook-spying-costs-canadian-woman-her-health-benefits/19250917/ Rev2/28/2011 © 2011 Maze & Associates 21
  21. 21. Rev2/28/2011 © 2011 Maze & Associates 22 http://smallbiztrends.com/2009/09/social-media-background-checks.html
  22. 22. Horns of a dilemma • If employers use social media to do background checks on employees – The company is open to discrimination charges – The candidates is vulnerable to discrimination Rev2/28/2011 © 2011 Maze & Associates 23
  23. 23. Horns of a dilemma • If employers don’t use social media to do background checks on employees – The company is open to negligent hires – Good candidates are missed – Bad candidates are hired Rev2/28/2011 © 2011 Maze & Associates 24
  24. 24. Use of Social Media at Work • Does your company have a social media policy? • How much time do employees use social media? • Does it effect employee productivity? • How much cross over between work / home life? Rev2/28/2011 © 2011 Maze & Associates 25
  25. 25. PERSONAL USES Rev2/28/2011 © 2011 Maze & Associates 26
  26. 26. Computer Security: Malware Rev2/28/2011 © 2011 Maze & Associates 27
  27. 27. Online Privacy • Do you have control of what is posted? • Not all fame is good! • People use anonymity to post stuff about others! • Embarrassing, loss of credibility Rev2/28/2011 © 2011 Maze & Associates 28
  28. 28. Information about you online • Do I have control of what is posted about me? • Look yourself up! • All but one of these is about me. • One of these I was completely unaware of. • Even if you are not on the web, you may be on the web! • Do what you can to control what is out there. • What is you social relevancy (Reputation)? Rev2/28/2011 © 2011 Maze & Associates 29
  29. 29. Sony Play Station Network Breach Rev2/28/2011 © 2011 Maze & Associates 30
  30. 30. SOCIAL MEDIA & POLITICS Rev2/28/2011 © 2011 Maze & Associates 31
  31. 31. Elections Rev2/28/2011 © 2011 Maze & Associates 32
  32. 32. Social Media and Politics Rev2/28/2011 © 2011 Maze & Associates 33
  33. 33. IDENTITY THEFT Rev2/28/2011 © 2011 Maze & Associates 34
  34. 34. Social Media (Web 2.0)  Services are extremely popular and useful  Almost a must today, (if you are not in, you are out)  People post too much information about themselves or their kids  Be aware of your aggregate information  The key is to be aware of what you are sharing Rev2/28/2011 © 2011 Maze & Associates 35
  35. 35. Online Privacy • Would you invite a stranger into your house to look at your children's photo album? • Public v. Private • Aggregate information sources could give someone more information than intended. Rev2/28/2011 © 2011 Maze & Associates 36
  36. 36. Situation • Why does someone want your personal information? – In an information age information becomes a commodity – Information has a value – Some information has a greater value – Your personal information is potentially worth more than you think Rev2/28/2011 © 2011 Maze & Associates 37
  37. 37. What is PII • Personally Identifiable Information – Name and account number – Name and social security number – Name and address – Credit Card Number • Where you might find it – Tax files – Account Statements – Records (Medical, Public and other) – Businesses you do business with Rev2/28/2011 © 2011 Maze & Associates 38
  38. 38. ID Theft vs. ID Fraud • “Identity fraud," consists mainly of someone making unauthorized charges to your credit card. • “Identity theft,” is when someone gathers your personal information and assumes your identity as their own. "Identify theft is one of the fastest growing crimes in the US." John Ashcroft 79th US Attorney General Rev2/28/2011 © 2011 Maze & Associates 39
  39. 39. • March 20th 2001, MSNBC reported the first identity theft case to gain widespread public attention • Thief assumed the identities of Oprah Winfrey and Martha Stewart, took out new credit cards in their names, and accessed their bank accounts • Stole more than $7 million from 200 of the world’s super rich - Warren Buffet and George Soros, tech tycoons Paul Allen and Larry Ellison • Used a library computer, public records, a cell phone, a fax machine, a PO Box, and a copy of Forbes Richest People • 32-year-old Abraham Abdallah was described as “a high school dropout, a New York City busboy, a pudgy, disheveled, career petty criminal.” The Busboy That Started It All Rev2/28/2011 © 2011 Maze & Associates 40
  40. 40. ID Theft & Fraud • PII exposed by others (Data Breaches) • PII exposed by ourselves (online & others) • Malware (Spyware, Viruses, etc…) • Social Engineering – Phone – Internet (Phishing, social websites etc…) – In Person (at your door, in a restaurant etc…) • Physical theft – Mail box – Trash (Dumpster diving) – ATMs (skimming) – Home break-ins Rev2/28/2011 © 2011 Maze & Associates 41
  41. 41. What do they do with stolen IDs? Rev2/28/2011 © 2011 Maze & Associates 42
  42. 42. Drug Trafficking and ID Theft Meth users see mail theft and check washing as a low risk way to pay for their habit. The same chemicals used in Meth production are used in check washing. Meth users, dealers and fraudsters are partners in crime. Rev2/28/2011 © 2011 Maze & Associates 43
  43. 43. FTC 2009 Stats • Top counties with ID theft – Solano County 18 out of 375 • Average per victim loss – $10,000 • Total complaints filed in 2009 – 1.3 Million Rev2/28/2011 © 2011 Maze & Associates 44 FTC http://www.ftc.gov/opa/2010/02/2009fraud.shtm
  44. 44. HOW MIGHT YOU EXPOSE YOUR PII Rev2/28/2011 © 2011 Maze & Associates 45
  45. 45. Watch what you put online Rev2/28/2011 © 2011 Maze & Associates 46 http://www.youtube.com/watch?v=Soq3jzttwiA
  46. 46. Can someone use what you post against you? Rev2/28/2011 © 2011 Maze & Associates 47
  47. 47. P2P (Peer to Peer file sharing) • Napster used to fit in this category • Used to ‘share’ computer files • Legal issues with copyright • Malware issues, often the P2P software will install adware or tracking software. • Privacy issues, do you know what you are sharing? Rev2/28/2011 © 2011 Maze & Associates 48
  48. 48. HOW BAD GUYS MIGHT GET YOUR PII Rev2/28/2011 © 2011 Maze & Associates 49
  49. 49. Malware • Malware (Viruses, Worms, Spyware, etc…) – 1999 Melissa, Kevin Mitnick, – 2000 Mafiaboy, DoS Assault, – 2001 Code Red, Nimda, – 2002 Root Rot, Slapper, – 2003 SQL Slammer, – 2004 MyDoom, BerBew, – 2005 Samy (MySpace), – 2007 Storm Worm, Botnets, etc.. Malware has cost trillions of dollars in the last decade Rev2/28/2011 © 2011 Maze & Associates 50
  50. 50. Viruses • In the past they were primarily destructive • Today they focus on stealing information • Using your computer as a Bot (Zombie) to send out SPAM Rev2/28/2011 © 2011 Maze & Associates 51
  51. 51. Phishing: Internet Fraud • Oldest trick in the book, there are examples in the 1500s • One particular fraud is called the “Nigerian 419” scam or “Advanced Fee Fraud” • Started as a letter, then it showed up in faxes and now it is sent by email. • Many variations on the story the message contains http://www.secretservice.gov/fraud_email_advisory.shtml Rev2/28/2011 © 2011 Maze & Associates 52
  52. 52. Rev2/28/2011 © 2011 Maze & Associates 53
  53. 53. Phishing Example Rev2/28/2011 © 2011 Maze & Associates 54
  54. 54. Spyware Rev2/28/2011 © 2011 Maze & Associates 55
  55. 55. Cell Phone Spyware Rev2/28/2011 © 2011 Maze & Associates 56 http://www.youtube.com/watch?v=uCyKcoDaofg http://news.rutgers.edu/medrel/news-releases/2010/02/rutgers-researchers-20100222 http://www.youtube.com/watch?v=UZgf32wVTd4
  56. 56. Physical theft • Dumpster diving • ATM – Credit Card skimming • Mailbox • Home Break-in Rev2/28/2011 © 2011 Maze & Associates 57
  57. 57. Close to Home Rev2/28/2011 © 2011 Maze & Associates 58
  58. 58. “Lock Bumping” http://cbs11tv.com/seenon/Bump.Key.Safety.2.499252.html Rev2/28/2011 © 2011 Maze & Associates 59
  59. 59. ATM Skimming Rev2/28/2011 © 2011 Maze & Associates 60 http://www.youtube.com/watch?v=m3qK46L2b_c
  60. 60. Credit Card Skimming Rev2/28/2011 © 2011 Maze & Associates 61
  61. 61. Credit Card Skimming Stats TOP MERCHANT GROUPS RESTAURANTS GAS HOTELS CAR RENTALS ALL OTHER SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICERev2/28/2011 © 2011 Maze & Associates 62
  62. 62. Credit Card Skimming Stats BY MERCHANT LOCATIONS CALIFORNIA FLORIDA NEW YORK NEW JERSEY TEXAS MEXICO ILLINOIS ALL OTHER SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICERev2/28/2011 © 2011 Maze & Associates 63
  63. 63. HOW OTHERS MIGHT EXPOSE YOUR PII Rev2/28/2011 © 2011 Maze & Associates 64
  64. 64. How others might expose your PII • Data Breach – Lack of security on the part of businesses – Organization may post information online – Loss of a laptop, hard drive or paper work – Data loss by a third party – Hacker (Organized Crime & Nation State) – Organizations may break into your computer Rev2/28/2011 © 2011 Maze & Associates 65
  65. 65. Sony PlayStaion Network Breach Rev2/28/2011 © 2011 Maze & Associates 66
  66. 66. Public Records Rev2/28/2011 © 2011 Maze & Associates 67 “The federal government is the biggest offender.” Paul Stephens Privacy Rights Clearinghouse
  67. 67. Others losing your ID 4.2 million customer card transactions were compromised by hackers Rev2/28/2011 © 2011 Maze & Associates 68
  68. 68. Unknown Exposure Rev2/28/2011 © 2011 Maze & Associates 69
  69. 69. Top 10 Largest Breaches* Records Date Organizations 130,000,000 2009-01-20 Heartland Payment Systems 94,000,000 2007-01-17 TJX Companies Inc. 90,000,000 1984-06-01 TRW, Sears Roebuck 76,000,000 2009-10-05 National Archives and Records Administration 40,000,000 2005-06-19 CardSystems, Visa, MasterCard, American Express 30,000,000 2004-06-24 America Online 26,500,000 2006-05-22 U.S. Department of Veterans Affairs 25,000,000 2007-11-20 HM Revenue and Customs, TNT 17,000,000 2008-10-06 T-Mobile, Deutsche Telekom 16,000,000 1986-11-01 Canada Revenue Agency Rev2/28/2011 © 2011 Maze & Associates 70 *Top ten data breaches as of 22 Feb 2010. Data provided by DataLoss db. 725,797,885 breached records out of 2466 reported incidents.
  70. 70. Repeat Offenders* Company Number of Reported Breaches LPL Financial 12 Nationwide 11 Equifax 11 Experian 11 Blue Cross 10 B of A 9 Cornell University 9 University of Iowa 9 HSBC 8 Pfizer 8 Rev2/28/2011 © 2011 Maze & Associates 71 *As of 22 Feb 2010. Data provided by DataLoss db. 725,797,885 breached records out of 2466 reported incidents.
  71. 71. Sony Root kit • Sony, in its efforts to preserve control over its product, installed root kits on consumers computers • Consumers were not aware it was installed (on copy-protected CDs) • Gave Sony and potentially hackers the ability to remotely control your computer • Removal of software disabled CD drives on consumers computers http://www.cnet.com/4520-6033_1-6376177-1.html?tag=nl.e501 Rev2/28/2011 © 2011 Maze & Associates 72

×