FBI Albany. Protect the United States from terrorist attack Protect the United States against...
allan-wilcox
Protect the United States from terrorist attack
Protect the United States against foreign intelligence operations and espionage
Protect the United States against cyber-based attacks and high-technology crimes
New York State Police
Multi-State ISAC
NY State Office of Cyber Security
NY State Department of Homeland Security
The “old school” hacker
Characteristics
- Notoriety
- Break technological barriers
- Unorganized
- Not typically motivated by money
Common Scams
- Lottery
- Overpayment for products
- “I’m stranded overseas, send cash”
- Trolling large call centers
Phishing
- Same look and feel as a website or e-mail you may be accustomed to seeing
- Attempt to gain usernames, passwords, CC information, etc.
Orphaned / Counterfeit Hardware
- USB flash drives containing malware
- DVD/CD containing malware
  ▪ Utilizing AutoPlay
“Free” Computers
- Bargain priced equipment which has been altered
  ▪ Routers
  ▪ Desktop/Laptop systems
Most common malware
- SpyEye
- Zeus (aka Zbot)
- Qakbot
All have the ability to log keystrokes and provide remote access to malicious actors. Qakbot can propagate itself across a local network.
Sources of Malware
- Phishing e-mails
- Phishing websites
- Children’s games
- Hacking, torrent, piracy websites
- Pornographic websites
Intrusive advertising for fraudulent Anti-Virus and Anti-Malware products
Usually prompts for payment and/or personal information
Almost always a sign of an “infected” system
Persistent even after closing web browser
Victims involved two academic institutions and one sole proprietorship.
Losses ranged from $70,000 to $500,000 – and in every case the losses were never recovered.
All involved malware on a Windows system, with at least one instance involving Zeus and another involving Qakbot.
All matters involved actors overseas, and in one case, the investigation contributed to the arrest of bad actors residing in these countries.
In each case, employees were doing something they were not supposed to be doing, or did not have sufficient real-time malware protection in place.
You may acquire malware just by viewing a website or opening an e-mail (without even opening an attachment)
There is no patch available for the vulnerability
Times Union website, advertising images
FACEBOOK, LINKEDIN, MYSPACE, TWITTER, ETC
May supply potential crooks with personal information used to exploit or extort
Very few laws to protect personal content
Limit access to personal information and photographs
Local School
- Student created 120 duplicate Facebook accounts of other students
- Created an intricate network of pictures, updates, statuses, chats
- Most profiles were not well protected, or were completely public
- Damaging to students’ reputations, fear to parents
Local businessman
- Extorted by actors overseas, based on information provided on social network sites
- Involved co-workers and family in order to become more convincing
Monitor your children’s activities on the computer
Try to keep one system “pure” for online banking, and personal business – have another for recreational activities
Update your Malware/Virus definitions on your network
Educate end users on Social Networking tactics and other common exploits
Wireless security – Avoid open networks and WEP encryption
Physical security – Protect physical resources and information
Never trust a “free” public wi-fi network
Consider a 3G/4G wi-fi solution for true protected access
Never access your financial institution from a public computer at a hotel, library or public wireless access point
Standalone system
- Not attached to local network
- Used for one purpose ONLY
- Possibly non-standard Operating System
Bootable / Flash drive browsers and Operating Systems
- Contained on a CD/DVD or flash drive
- Impervious to most malware
Web traffic monitoring/blocking
- Block keywords (Websense)
- Filter traffic and e-mail attachments (based on type, size, hash)
- Shred your documents
- Don’t leave your trash out
- Don’t leave your mail out, or consider a PO Box
- Opt for electronic statements
- Get regular credit reports, check statements
- Watch for skimming devices at the pump and ATM machine
- Talk to your bank about EFT transactions
Microsoft Windows
- 88% desktop market share
- Primary target for hackers; most “bang for the buck”
- Although vulnerable, very robust security features
Mac OS X
- 7% desktop market share
- Less secure overall than Windows
- May appear more secure due to low market share
Linux
- 1% desktop market share
- Secure, but may not be practical for mainstream users
Mobile Devices (iPhone, Android, etc.)
- Not ideal for hackers due to small population of devices
- iPhone 2%, Android .64%
Partnership between the FBI, National White Collar Crime Center, and Bureau of Justice Assistance
Receive, Develop, Refer complaints for internet related crimes
Tips, current schemes