180 likes | 401 Views
The Wild Wild West. Cyber Security Versus Digital Forensics Presentation for the E-Commerce Network’s Cyber Security Seminar at University of Massachusetts Dartmouth Suzanne Mello Stark, PhD. Cyber Security Facts. In 2006, 8.3 million Americans were victims of Identity Theft
E N D
The Wild Wild West Cyber Security Versus Digital Forensics Presentation for the E-Commerce Network’s Cyber Security Seminar at University of Massachusetts Dartmouth Suzanne Mello Stark, PhD
Cyber Security Facts In 2006, 8.3 million Americans were victims of Identity Theft In first ½ of 2009, 40,000 cyber attacks were launched against the Department of Defense (Pentagon Costs: $100 million) So far this year, cyber criminals have stolen $100 million from US banks There are more than 3 million indications of malicious activity per year in civilian networks It is estimated that 1/3 or more of this activity originates outside the US (Langevin, 2012)
Stuxnet First Computer Worm to Cross into the Physical World Doesn’t want to be detected Affected Countries (so far) according to Symantec: Iran (over 50%) Indonesia (~18%) India (~8%) Azerbaijan (~2%) United States (~1%) Pakistan (~1%) Others (~9.2%) Son of Stuxnet? (CBS News, 2012)
The Great Cyber Heist Alberto Gonzalez, 14 years old hacker Caught by police detective at an ATM machine “cashing out” Part of a large hacker network called Shadowcrew Stolen over 180 million payment card accounts OfficeMax, TJ Max, Marshalls, BJs Wholesale Club, Target, Barnes and Noble, etc Used a technique called “SQL Injection” to fool databases into giving information Then created fake cards to take money from ATM machines all over the world (Verdini, 2010)
WikiLeaks Founder - Julian Assange Australian Internet Activist Bring Important News to the Public Free Speech Whistleblower/Journalist not jailed Released Significant Documents Afghanistan War Corruption in Kenya Baghdad Airstrike US State Dept. Cables (CBS News, 2012) (Worthington, 2011)(Grier, 2010)
Anonymous Hactivist Group Launch Distributed Denial of Service Attacks against companies/entities that violate their ethical principles Freedom of the Internet Retaliated against companies that dropped WikiLeaks Many are being arrested around the world Low Orbit Ion Cannon (botnet) – the application to join the group. Your computer becomes part of the DDOS attacks. (Neal, 2012)
Cyberextortion • Internet Criminal Gangs asking for Protection Money • Will launch DDoS attack if you don’t pay up • Ransomware (Koerner, 2008) (Ratliff, 2005)
Internet Tax Fraud IRS allows tax refunds to be filed on line and refunds downloaded to a debit card Tax Fraud is out of Control! Steal your SS# Make up info Get Refund before you! Tax Filing has been put online for convenience Was the IRS ready? (Zamost & Kaye, 2012)
Are We Ready for E-voting? Computer Scientists say NO! But the world IS putting voting online regardless of the security threats IPad voting in Oregon (CBS News, 2011), (Kar, 2011)
Digital Forensics – Who did it? The application of forensic science techniques to the discovery, collection and analysis of digital evidence.
Who Uses Digital Evidence? • Criminal law enforcement • Criminal defense attorneys • Corporate law • Civil law • Organization Information Technology (IT) personnel • E.g. American Power Conversion • E.g. URI • Homeland security • Military
What Digital Evidence Can Be Found? • Files listed in standard directory search • Hidden files • Deleted files • Email • Deleted email • Certain Instant Messaging • Passwords • Logs • Windows Registry • Windows Meta Files • Login IDs • Encrypted Files • Intentionally embedded (steganographic) files • Web sites visited • Searches performed • Cookies • Network traces • Owners of servers • TIME
Cyber Security Caucus • Congressman Jim Langevin (D-RI), cofounder of the Congressional Cyber Security Caucus, introduced a bill to strengthen cyber security and prevent attacks. • Southern New England will Play a Big Role (Langevin, 2012)
Works Cited • CBS News. (2012, March 4). Stuxnet: Computer worm opens new era of warfare. (G. Messick, Producer) Retrieved March 28, 2012, from 60 Minutes: http://www.cbsnews.com/video/watch/?id=7400904n • CBS News. (2011, November 8). Voting with IPads: idea whose time is coming? Retrieved March 28, 2012, from CBSNEWS: http://www.cbsnews.com/8301-502303_162-57320358/voting-with-ipads-idea-whose-time-is-coming/ • CBS News. (n.d.). WikiLeaks' Julian Assange, Pt. 1. Retrieved from 60 Minutes: http://www.cbsnews.com/video/watch/?id=7300034n • Greenhalgh, E. (2012, March 28). Cyber Challenge Games are On. Retrieved March 28, 2012, from Providence Business News: http://www.pbn.com/Cyber-challenge-games-are-on,66381
Works Cited (continued) • Grier, P. (2010, April 6). Video of Iraqi journalists' killings: Is WikiLeaks a security threat? Retrieved March 28, 2012, from The Christian Science Monitor: http://www.csmonitor.com/USA/Military/2010/0406/Video-of-Iraqi-journalists-killings-Is-WikiLeaks-a-security-threat • Kar, S. (2011, November 8). State of Oregon Counties First to Introduce iPad Voting for the Disabled. Retrieved March 28, 2012, from Silicon Angle: http://www.google.com/imgres?q=Voting+with+Ipads&hl=en&client=safari&sa=X&rls=en&biw=1237&bih=866&tbm=isch&prmd=imvns&tbnid=LV2lCytGaS_LPM:&imgrefurl=http://siliconangle.com/blog/2011/11/08/state-of-oregon-counties-first-to-introduce-ipad-voting-for-the-disabled/&docid=C_GSFEHvXOOF6M&imgurl=http://siliconangle.com/files/2011/11/ipad-your-vote-counts-in-oregon.jpg&w=300&h=300&ei=bBJzT7buHKrg0QH67di0AQ&zoom=1&iact=hc&vpx=269&vpy=152&dur=307&hovh=164&hovw=157&tx=100&ty=84&sig=102187905883335174659&page=1&tbnh=155&tbnw=146&start=0&ndsp=21&ved=1t:429,r:1,s:0
Works Cited (continued) • Koerner, B. (2008, July 21). Mr. Know-It-All: Cyberextortion, Your Kid's Cell Phone, Online Degrees. Retrieved March 28, 2012, from Wired: http://www.wired.com/techbiz/people/magazine/16-08/st_kia • Langevin, C. J. (2012, March 27). Cybersecurity. Retrieved March 28, 2012, from US Congressman Jim Langevin: http://langevin.house.gov/issues/cybersecurity-1/ • Neal, D. (2012, March 28). Anonymous suspects are arrest in the Dominican Republic. Retrieved March 28, 2012, from The Inquirer: http://www.theinquirer.net/inquirer/news/2164273/anonymous-suspects-arrested-dominican-republic • Ratliff, E. (2005, October 10). The New Yorker. Retrieved March 28, 2012, from The Zombie Hunters, On the trail of cyberextortionists: http://www.newyorker.com/archive/2005/10/10/051010fa_fact
Works Cited (continued) • Verini, J. (2010, November 10). The Great Cyberheist. Retrieved March 28, 2012, from The New York Times Magazine: http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?pagewanted=all • Worthington, P. (2011, December 28). Wikileaks Wasn't a Threat. Retrieved March 28, 2012, from FrumForum: http://www.frumforum.com/wikileaks-wasnt-a-threat • Zamost, S., & Kaye, R. (2012, March 20). 10news/CNN Special Investigations Unit. Retrieved March 28, 2012, from Criminals May be Pocketing Your Tax Refund: http://www.10news.com/money/30720937/detail.html