Hacking
1. Procedural Controls
Procedural controls establish a framework
for validating and maintaining the
computer system and for ensuring that
users understand how to use the system.
Procedural controls usually take the form
of standard operating procedures (SOPs)
and user manuals.
3. Key Concepts for Procedural Controls
Vendor/Supplier management
Any computer equipment, instrumentation, and software that
you buy needs to come from a reputable vendor and needs to
be documented and tested for the environment in which it will
be used.
System Lifecycle
A System Lifecycle is a defined set of expectations, activities,
and deliverables that promotes a controlled, well-thought-out
system through the life of the research project and reduces the
risk of errors. How you go about building, assembling, and
maintaining your system is an important part of validation.
4. • Procedures and training
A user who has been trained to operate computer software is less likely to
make errors that affect data or cause injury. Operating procedures and user
manuals direct user behavior within specific operational parameters dictated
by your system. Procedures need to address user accountability and
responsibility for actions taken while using the computer system, and if
applicable, the when and why for application of electronic signatures. Training
for each individual must be documented. A training certificate works well for
this purpose.
• Electronic signatures
There are several activities that must take place when you use electronic
signatures. You must: 1) notify the FDA in writing* that you are using
electronic signatures; 2) verify the identity of individuals who will be using an
electronic signature; 3) manage and monitor issuance of electronic signature
identifying components; 4) identify loss management and reporting processes
for security incidents; and 5) put in place mechanisms for periodic testing of
devices that generate electronic signature identifying components. Incorporate
these concepts into your SOPs. If your project is funded in whole or in part by
NIH, you must keep NIH informed of your communications with the FDA.
5. Computer crime
Alternatively referred to as cyber crime, e-crime,
electronic crime, or hi-tech crime.
Computer crime is an act performed by a
knowledgeable computer user, sometimes referred
to as a hacker, who illegally browses or steals a
company's or individual's private information. In
some cases, this person or group of individuals
may be malicious and destroy or otherwise corrupt
the computer or data files.
6. • In 1988 a "worm program" written by a
college student shut down about 10 percent
of computers connected to the Internet.
This was the beginning of the era of cyber
attacks.
• Today we have about 10,000 incidents of
cyber attacks which are reported and the
number grows.
Computer Crime – The Beginning
7. • A 16-year-old music student called Richard Pryce,
better known by the hacker alias Datastream
Cowboy, is arrested and charged with breaking into
hundreds of computers including those at the
Griffiss Air Force Base, NASA and the Korean Atomic
Research Institute. His online mentor, "Kuji", is
never found.
• Also this year, a group directed by Russian hackers
broke into the computers of Citibank and transferred
more than $10 million from customers' accounts.
Eventually, Citibank recovered all but $400,000 of
the pilfered money.
Computer Crime - 1994
8. • In February, Kevin Mitnick is arrested for a second
time. He is charged with stealing 20,000 credit card
numbers. He eventually spends four years in jail and
on his release his parole conditions demand that he
avoid contact with computers and mobile phones.
• On November 15, Christopher Pile becomes the first
person to be jailed for writing and distributing a
computer virus. Mr Pile, who called himself the Black
Baron, was sentenced to 18 months in jail.
• The US General Accounting Office reveals that US
Defense Department computers sustained 250,000
attacks in 1995.
Computer Crime - 1995
9. • In March, the Melissa virus goes on the rampage
and wreaks havoc with computers worldwide. After
a short investigation, the FBI tracks down and
arrests the writer of the virus, a 29-year-old New
Jersey computer programmer, David L Smith.
• More than 90 percent of large corporations and
government agencies were the victims of computer
security breaches in 1999.
Computer Crime - 1999
10. • In February, some of the most popular websites in
the world such as Amazon and Yahoo are almost
overwhelmed by being flooded with bogus requests
for data.
• In May, the ILOVEYOU virus is unleashed and clogs
computers worldwide. Over the coming months,
variants of the virus are released that manage to
catch out companies that didn't do enough to
protect themselves.
• In October, Microsoft admits that its corporate
network has been hacked and source code for future
Windows products has been seen.
Computer Crime - 2000
11. Different types of computer crimes
• Denial of service attack - Overloading a system with so
many requests it cannot serve normal requests.
• Espionage - Spying on a person or business.
• Fraud - Manipulating data, e.g. changing banking records
to transfer money to an account.
• Harvesting - Collecting account or other account-related
information on other people.
• Identity theft - Pretending to be someone you are not.
• Intellectual Property Theft - Stealing another person's or
company's intellectual property.
12. • Phishing - Deceiving individuals to gain private or
personal information about that person.
• Salami Slicing - Stealing tiny amounts of money from
each transaction.
• Scam - Tricking people into believing something that is not
true.
• Spamming - Distributing unsolicited e-mail to dozens or
hundreds of different addresses.
• Spoofing - Deceiving a system into thinking you are
someone you really are not.
• Unauthorized Access - Gaining access to systems you
have no permission to access.
• Wiretapping - Connecting a device to a phone line to
listen to conversations.
13. Hacking
Hacking refers to an array of activities which are done to intrude into
someone else’s personal information space so as to use it for malicious,
unwanted purposes.
Hacking is a term used to refer to activities aimed at exploiting security
flaws to obtain critical information for gaining access to secured
networks.
14. A Brief History of Hacking
• 1980s
- Cyberspace coined
- 414 arrested
- Two hacker groups formed
- 2600 published
• 1990s
- National crackdown on hackers
- Kevin Mitnick arrested
- Microsoft’s NT operating system pierced
15. • 2001
– In one of the biggest denial-of-service attacks, hackers launched
attacks against eBay, Yahoo!, CNN.com, Amazon and others.
• 2007
– Bank hit by “biggest ever” hack. Swedish bank Nordea recorded
that nearly $1 million had been stolen in three months from 250
customer accounts.
17. Famous Hackers in History
• Ian Murphy
• Kevin Mitnick
• Johan Helsingius
• Mark Abene
• Linus Torvalds
• Robert Morris
Editor's Notes
Some stories about hackings
The Computer Security Institute's fifth Computer Crime and Security Survey also found that the total reported financial losses have tripled. The annual survey is conducted with the participation of the San Francisco FBI Computer Intrusion Squad and aims to increase awareness of security. This year's survey was based on responses from 643 computer-security professionals in U.S. corporations, government agencies, financial institutions, medical institutions and universities. Only 42 percent of those answering the survey could put a dollar figure on their financial losses - reporting the total at $265 million. The average annual total over the last three years was $120 million.