Matt Luallen Explains What, How and Responding to Identity Theft
Post on 20-May-2015
www.sph3r3.com
“ … delivering the information solutions required by the digital enterprise.”
What, How, and Responding to Identity Theft
Matthew E. Luallen
m@sph3r3.com
Agenda
• What is Your Identity
• How Do Identity Thieves Operate
• Real Identities Stolen
• What You Should Do
• Two Simple Principles
What is your identity?
• Personal Services Account Numbers
  – Utilities
    • Power
    • Cellular / Landline
    • Gas
  – Credit Cards
  – Mortgage
  – Automobile Loans
  – Financial Services Accounts
• Drivers License, Social Security Number
• Your picture, reputation and Internet content!
How identity thieves GET your personal information
• Steal
  – wallets and purses containing your identification and credit and bank cards.
  – your car, with insurance paperwork
  – your mail, including your bank and credit card statements, pre-approved credit offers, new checks, and tax information.
  – your hotel bill from under your door, you check out – they check in.
• Complete a “change of address form” to divert your mail to another location.
• Dumpster Diving
• Obtain credit reports fraudulently
• They find personal information in your home and on the Internet.
• Bribing co-workers and other internal employees
• Phishing / Email Scams; Computer Hacks
Phishing / Pharming (new name, old game) - CERT Advisory
• http://www.cert.org/advisories/CA-1991-04.html
• I. Description
• The Computer Emergency Response Team/Coordination Center (CERT/CC) has received several incident reports concerning users receiving requests to take an action that results in the capturing of their password. The request could come in the form of an e-mail message, a broadcast, or a telephone call. The latest ploy instructs the user to run a "test" program, previously installed by the intruder, which will prompt the user for his or her password. When the user executes the program, the user's name and password are e-mailed to a remote site. We are including an example message at the end of this advisory. These messages can appear to be from a site administrator or root. In reality, they may have been sent by an individual at a remote site, who is trying to gain access or additional access to the local machine via the user's account.
• While this advisory may seem very trivial to some experienced users, the fact remains that MANY users have fallen for these tricks (refer to CERT Advisory CA-91.03).
• Issued in April of 1991!
Another Example - ATM Fascia
• Cyber con artists mimic ATM fascias, inserting wireless transmitters
• Example Protective Solution
  – NCR Intelligent Fraud Detection
  – Senses devices added to the fascia including plastic, metal and wood
  – http://www.ncr.com/
Others - Mini / Concealed Devices
• Be aware of your environment
• Cameras are becoming integrated into a number of devices *and cheap*
  – http://www.spygadgets.com/
• Cell Phones
  – Badge snapshot and attempt to counterfeit?
  – Credit Card snapshot?
• Storage
  – Flash devices (integrated storage)
  – http://www.peripheral.com/products/diskgo/default.htm
• Printers, Copiers, Fax Machines
• Other Shared Computer Workstations and Terminals
How identity thieves USE your personal information
• Log in to your user accounts! (work or home)
• They establish a new utility credit card or bank account in your name
• Counterfeit checks or debit cards, and drain your bank account.
• Give your name to the police during an arrest. If they’re released from police custody, but don’t show up for their court date, an arrest warrant is issued in your name.
And (privacyrights.org)
Example Identity Theft Response
• What could have prevented this from being problematic?
Example Identity Theft Response
• Should I feel comfortable with this situation?
Real Identities Stolen
• How were identities stolen?
  – Stolen Laptop
  – Lost Backup Tapes
  – Hacking
  – Accidental Online Exposure
  – Email Exposure
  – Dishonest Insider
  – Passwords Compromised
  – File Boxes Left Unattended and Unshredded
  – Hard Drives Stolen
  – External Auditor Loses Internal CD
Protecting Yourself
What are your valued assets
• Most physical and currency-based goods are recorded in electronic format with the physical representation discarded
• Intellectual property resides in a number of common formats
  – Digital
  – Verbal
  – Paper
• Types of Valued Goods
  – Physical
  – Currency
  – Intellectual
Information Protection
• Physical
  – Paper, CD, DVD, CC Shredding
  – Storage Media – Incineration, Degaussing
• Electronic
  – Data Encryption / Integrity Validation (Encrypting File Systems)
  – System Protective Controls (IPS, Spybot Detection)
• Verbal
  – World War II : *Loose lips sink ships* <period>
Protecting Yourself
• Simple Steps
  – Identities are typically stolen for financial gain
    • Protect and monitor your financial accounts
    • Cautiously enroll in a credit monitoring service
  – Use separate web browsers for financial banking versus browsing
    • Even better use separate computers or virtual machines if you are technically savvy
  – Ensure protection / insurance options on any financial instrument
    • Ex. IRAs / 401Ks
What Should You Do?
• Place a fraud alert on your credit reports and review your credit reports.
• Close any accounts that have been tampered with or opened fraudulently.
• File a report with your local police or the police in the community where the identity theft took place.
• File a complaint with the FTC.
  – www.consumer.gov/idtheft
  – 877IDTHEFT
Only Two Requirements
• Anyone can listen to your conversations
  – It is not acceptable for any unauthorized person or system to affect the confidentiality, integrity or availability of communications and storage of valued assets.
• Anyone can steal assets from you
  – Any asset loss must be protected so that there is NO loss of confidentiality, integrity or availability of the valued asset.