Computer Emergency Readiness Teams (CERT) in Africa: Cybercrime senarios and assessment

1. Computer Emergency Readiness Teams (CERT) in Africa: Cybercrime senarios and assessment Produced by Oyehmi Begho

2. Content 1. Identity Theft 2. Top 10 ways to steal peoples identity 3. Facebook 4. Social engineering: Phishing, impersonating 5. Solutions 6. Conclusion

3. What is identity theft? Identity Theft Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.

4. Top 10 ways to steal peoples identity Rummaging through rubbish for personal information (dumpster diving) Retrieving personal data from redundant IT equipment and storage media, without having been properly sanitized Using public records about individual citizens, published in official registers such as electoral rolls

5. Top 10 ways to steal peoples identity 4. Stealing identification typically by pickpocketing, housebreaking, mail theft or armed robbery. 5. Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions. 6. Impersonating trusted organizations in emails, in order to dupe victims into disclosing their personal information.

6. Top 10 ways to steal peoples identity 7. Observing users typing their login credentials, credit card numbers etc. into IT equipment located in public places 8. Stealing personal information from computers using malware, particularly Trojan horse keylogging programs or other forms of spyware

7. Top 10 ways to steal peoples identity 9. Advertising bogus job offers in order to accumulate resumes 10. Browsing social networking websites for personal details published by users and their friends. These are only the top 10!

8. Facebook • Facebook is a social network service and website launched in February 2004 • As of July 2010 Facebook had more than 500 million active users • At the beginning of 2010 Nigeria crossed the 1 million user mark

9. Facebook Facebook is an personal information GOLDMINE. Name School history Address Work history Preferences Telephone number Date of birth Friends Personal Conversations Picture

10. Social Engineering Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. • Phishing • Impersonation

11. Phishing Impersonating trusted organizations in emails, in order to dupe victims into disclosing their personal information or login credentials. • Fear • Urgency • Familiarity

12. Phishing Quick Demonstration Draft email – Phishing, Spear Phishing, Whale Phishing Create an authentic looking email Website

13. Phishing: Example Email http://www.zenithbank.com/ibanksecurity.cfm

14. Phishing Website Code to edit and copy any webpage javascript:document.body.contentEditable='true'; document.designMode='on'; void 0 HTTrack Website copier Download a whole website at the click of a button.

15. Impersonation • With this form of identity theft the perpetrator steals your identity not to obtain funds from you but to scam your friends or others into handing over money. • Accident or incident • Fundraising • Relationship & Love

16. Impersonation: EFCC crackdown

17. Impersonation: Latest email scam First email: I'm sorry for this odd request and I'm writing this with tears on my eyes due to the situation of things right now,I'm stuck in London United Kingdom with my family,we came down here on vacation and we got Mugged at GUNPOINT.. worse of it was that cash cell phone and credit cards were stolen…….

18. Impersonation: Latest email scam Second email: ….just wondering if you can loan me some cash $$ till i get back home to refund you back. All i need is 1000 pounds and you can have it wired to my name via Western Union http://chaplainclair.blogspot.com/2010/03/nigerian-scammer-attacked-me-today.html

19. Solutions • Dispose of your personal data properly • Shredding bank statements, letters etc • Sanitizing electronic devices • If you are not using any accounts online delete them or make sure you check them frequently

20. Solutions • Keep up to date • Keep you virus checker, spyware etc up to date • Keep yourself up to date of the latest scam. • Scambusrter.org • Report attack immediately to the appropriate authorities

21. Solutions Use secure passwords Most common insecure passwords: Password, abc123, Jesus, Christ, 1234, 123456. qwerty, asdfg Dictionary words, date of birth, names Passwords should be at least 8 characters in length, include numbers, symbols, upper and lowercase letters

22. Solutions • Government intervention : • Start establishing laws that govern our online data and how organisations are responsible for that data. • Build an awareness campaign to highlight the dangers of identity theft. • Set up a visible (online) task force that deals with cyber crime and prevention.

23. Conclusion The internet is growing and changing at a phenomenal rate everyday and so are the ways criminals are using it. It is the responsibility of the government to censors and govern the way organisations protect and use our data but it is also our individual responsibility. We must stay ahead and stay alert

24. Thank You www.futuresoft-ng.com oyehmi@futuresoft-ng.com