1 / 29

Cyber Security

Cyber Security . FBI Albany. FBI Priorities. Protect the United States from terrorist attack Protect the United States against foreign intelligence operations and espionage Protect the United States against cyber-based attacks and high-technology crimes. A few of our partners.

cianna
Télécharger la présentation

Cyber Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cyber Security FBI Albany

  2. FBI Priorities • Protect the United States from terrorist attack • Protect the United States against foreign intelligence operations and espionage • Protect the United States against cyber-based attacks and high-technology crimes

  3. A few of our partners • New York State Police • Multi-State ISAC • NY State Office of Cyber Security • NY State Department of Homeland Security

  4. HackingHistory and Evolution • The “old school” hacker • Characteristics • Notoriety • Break technological barriers • Unorganized • Not typically motivated by money

  5. HackingHistory and Evolution • The “neo” hacker • Characteristics • Professionals • Organized • Eastern Europe and Asia GOAL – Money

  6. Social Engineering • Common Scams • Lottery • Over payment for products • “I’m stranded overseas, send cash” • Trolling large call centers

  7. Fraudulent Financial Institutions

  8. Phishing Websites • Phishing • Same look and feel as a website or e-mail you may be accustomed to seeing • Attempt to gain usernames, passwords, CC information, etc

  9. Phishing Websites • Example of Phishing (website) http://citibusinessonline.da.us.citibank.com.citionline.ru

  10. Phishing E-mails • Example of Phishing (e-mail)

  11. Other Exploits • Orphaned / Counterfeit Hardware • USB flash drives containing malware • DVD/CD containing malware • Utilizing AutoPlay • “Free” Computers • Bargain priced equipment which has been altered • Routers • Desktop/Laptop systems

  12. Malware • Also referred to as Viruses, Trojans, Spyware • Key Logging • Remote access • Screen capturing processes

  13. Malware • Most common malware • SpyEye • Zeus (aka Zbot) • Qakbot All have ability to log keystrokes and provide remote access to malicious actors. Qakbot can propagate itself across a local network.

  14. Malware • Sources of Malware • Phishing e-mails • Phishing websites • Children’s games • Hacking, torrent, piracy websites • Pornographic websites

  15. Malware/Anti-Virus Pop-Ups • Intrusive advertising for fraudulent Anti-Virus and Anti-Malware products • Usually prompts for payment and/or personal information • Almost always a sign of an “infected” system • Persistent even after closing web browser

  16. Same Case Study – Three victims • Victims involved two academic institutions and one sole proprietorship. • Losses ranged from $70,000 to $500,000 – and in every case the losses were never recovered. • All involved malware on a windows system, with at least one instance involving Zeus and another involving Qakbot. • All matters involved actors overseas, and in one case, the investigation contributed to the arrest of bad actors residing in these countries. • In each case, employees were doing something they were not supposed to be doing, or did not have sufficient real-time malware protection in place.

  17. Zero Day Exploits • You may acquire malware just by viewing a website or opening an e-mail (without even opening attachment) • There is no patch available for the vulnerability • Times Union website, advertising images

  18. Social Networking • FACEBOOK, LINKEDIN, MYSPACE, TWITTER, ETC • May supply potential crooks with personal information used to exploit or extort • Very few laws to protect personal content • Limit access to personal information and photographs

  19. Social Networking -Real Examples • Local School • Student created 120 duplicate facebook accounts of other students • Created an intricate network of pictures, updates, statuses, chats • Most profiles were not well protected, or were completely public • Damaging to students reputations, fear to parents • Local businessman • Extorted by actors overseas, based on information provided on social network sites • Involved co-workers and family in order to become more convincing

  20. Prevention Internet

  21. Prevention • Golden Rule: “if it sounds too good to be true…”

  22. Prevention @ home • Monitor your children’s activities on the computer • Try to keep one system “pure” for online banking, and personal business – have another for recreational activities

  23. Prevention @ work • Update your Malware/Virus definitions on your network • Educate end users on Social Networking tactics and other common exploits • Wireless security – Avoid open networks and WEP encryption • Physical security – Protect physical resources and information

  24. Prevention – shared systems • Never trust a “free” public wi-fi network • Consider a 3G/4G wi-fi solution for true protected access • Never access your financial institution from a public computer at a hotel, library or public wireless access point

  25. Prevention Trends • Standalone system • Not attached to local network • Used for one purpose ONLY • Possibly non-standard Operating System • Bootable / Flash drive browsers and Operating Systems • Contained on a CD/DVD or flash drive • Impervious to most malware • Web traffic monitoring/blocking • Block keywords (Websense) • Filter traffic and e-mail attachments (based on type, size, hash)

  26. More Prevention Tips • Shred your documents • Don’t leave your trash out • Don’t leave your mail out, or consider a PO Box • Opt for electronic statements • Get regular credit reports, check statements • Watch for skimming devices at the pump and ATM machine • Talk to your bank about EFT transactions

  27. Mac vs. PC • Microsoft Windows • 88% desktop market share • Primary target for hackers; most “bang for the buck” • Although vulnerable, very robust security features • Mac OS X • 7% desktop market share • Less secure overall than windows • May appear more secure due to low market share • Linux • 1% desktop market share • Secure, but may not practical for mainstream users • Mobile Devices (iPhone, Android, etc) • Not ideal for hackers due to small population of devices • iPhone 2%, Android .64%

  28. IC3Internet Crime Complaint Center • Partnership between the FBI, National White Collar Crime Center, and Bureau of Justice Assistance • Receive, Develop, Refer complaints for internet related crimes • Tips, current schemes

  29. Infragard • Partnership between the FBI and the private sector • Businesses, Academic Institutions, State/Local Authorities, Critical Infrastructure, and other participants • www.infragardalbany.com

More Related