
Computer Threats and Safety
Darren J. Mott, Supervisory Special Agent, Cyber Crime Squad, Federal Bureau of Investigation, Cleveland Division

Dec 16, 2015

Page 1

Computer Threats and Safety
Darren J. Mott
Supervisory Special Agent, Cyber Crime Squad
Federal Bureau of Investigation, Cleveland Division

Page 2

Darren Mott’s presentation to Greater Cleveland PC Users Group, www.gcpcug.org – 01/08/11

General Outline

General Security
Current Cyber Threats
Threats to Children
Common Scams
How to report a Cyber Crime
Social Networks
How to conduct general forensics on your computer

Page 3

General Security

The operating systems on PCs (XP/Vista) are generally insecure out of the box.
Mac users are generally safer than PC users, but as Macs gain in popularity, more exploits are showing up.
Do not depend on the Microsoft Firewall to provide much protection.
You should always have a third-party security program running on your system.

Page 4

Myth

“I have an anti-virus program, my computer is safe.”
• AV products only protect against computer viruses. There are FAR more vulnerabilities than just viruses.
• AV products ONLY protect against less than 40% of known viruses.
• AV products don’t protect you until AFTER the virus is released.

Page 5

Myth

“My computer is behind a router, I am safe.”
• While being behind a router is a good idea and your PC is better hidden, it is not an end-all protection scheme.
• Routers should be secured also.
• Wireless routers MUST be secured: WPA security protocol and/or MAC address restriction.
• Be careful connecting to unsecured wireless networks. Your traffic can be monitored.
• Unless you have to, do not broadcast the network SSID.

Page 6

Myth

“I don’t run a Windows Operating System, I don’t need to worry.”
• Linux and Mac users are generally safer from infection by viruses, but not free from exploitation of known vulnerabilities.
• Most computers are Windows based, so bad guys are going to spend more time attacking that system.

Page 7

Current Cyber Threats

Modern malware is passed along by a variety of methods:
• Email – attachments
• Websites
• Software (especially pirated software)
• P2P networks

Page 8

Types of Malware

Viruses
Worms
Wabbits
Trojans
Spyware
Backdoors
Exploits
Rootkits
Keyloggers
Dialers
URL Injectors
Adware

Page 9

Current Cyber Crime Trends

Covert delivery of malicious code
Use of malware to steal personal information
Use of this information to steal & manipulate financial information
Targeting of smaller banks, school districts, churches and CFOs
Organized groups arising to coordinate attacks
Use of wireless networks to steal data
Insider crime continues to be a problem
Terrorism
Espionage

Page 10

General Protection TIPS

NEVER open an attachment from someone you don’t know. If you get an attachment from someone you do know but there is no text indicating what it is, be suspicious.
Use security software to restrict sites.
Make your kids aware that they AREN’T really getting free stuff from emails.

Page 11

Common Scams

Nigerian Email
Work at home
Western Union money transfer professional
Phishing/Vishing
Auction Fraud
Lotteries
Reshipping
More details at www.ic3.gov

Page 12

Online Transactions

If used on well-known sites it is generally a safe transaction. Look for the lock in the lower right corner of the browser or an “https” in the address bar. This creates a secure encrypted connection between you and the vendor.
Most theft occurs on the companies’ backend, not during the transaction itself.

Page 13

How to report a crime

Depending on the type of crime experienced, you should contact local police, the FBI and, at the very least, www.ic3.gov.
Unless you work for a company that is the victim of a computer intrusion, you will be unlikely to find resolution in the Federal system. Civil remedies are generally more effective.

Page 14

How do I know if my computer is compromised?

Depending on the malware, you may not know.
Is your computer really sluggish or slow? Then maybe.
Educate yourself on self-diagnosis. Google is your friend.
External data storage.
Re-install OS periodically.

Page 15

Your Kids & Computer Accounts

Give them their own login and do NOT make it an administrator account. This will restrict them from installing programs.
You can use third-party applications to restrict sites (Cybersitter, Safe Eyes, Internet, Net Nanny, etc.) but don’t expect everything to be filtered.
Not 100% protection, but better than nothing.

Page 16

Threats to Children

Highly targeted by pedophiles online, especially because of the explosion of social networks (MySpace, Facebook etc…).
Check your computer for IRC, AIM, YAHOO messenger, ICQ or any other IM programs. These are gateway programs for problems (watch a single episode of NBC’s To Catch a Predator for proof).
Social Networks (Risks to everyone)
Keep your computer in a common area.
Tell your kids you are logging all their activity – even if you aren’t (Google – “keyloggers for parents”).

Page 17

Social Networks

Massive adoption in the consumer market
• MySpace, Facebook, LinkedIn, Friendster, Twitter
• Statistics on Facebook
  Over 500,000,000 users (fall 2010)
  Over 250,000 new registrations per day
  Over 200,000 developers have submitted some sort of Facebook application using basic programming skills and there are over 350,000 official apps

Page 18

(no text on this slide)

Page 19

Social Networking & Crime

Authorities say the web is largely to blame for a 16 percent increase in rapes this year.

“In the past, rapists would have to hunt and stalk… now all you have to do is get on the internet and she’s waiting for you in a hotel room.”

Sgt. Darrell Price, Charlotte-Mecklenburg PD, Sexual Assault Unit, as quoted in “American Police Beat”, September 2009.

Page 20

Ideal Exploitation Platform

Social networks have intrinsic properties that make them ideal to be exploited by an adversary:
• Difficult to police: very large and distributed user base
• Trust network: clusters of users sharing the same social interests developing trust with each other
• Platform openness for developing applications that are attractive to general users, who will install them

Page 21

Too Much Info

The SN value proposition is information sharing.
• “LinkedIn” - defaults for outsider access are not bad
• “Facebook” - defaults very open
• “Twitter” - no expectation of privacy anyway

Try this: go to your Facebook account and search for:
• <any company name in your city or area> and “Software” or “Technology”
• From the list of results click until you find one that has all their profile information visible... there are usually many!
• Can lead to guessed passwords or recovery questions

Page 22

As an example

It took seriously 45 mins on Wikipedia & Google to find the info. Birthday? 15 seconds on Wikipedia. Zip code? Well, she had always been from Wasilla, & it only has 2 zip codes (thanks online postal service!). The second was somewhat harder, the question was “where did you meet your spouse?”

Page 23

WAY Too Much Information (or compromised account)

Page 24

General Forensics

Run >> cmd
Netstat
Samspade.org
Maxmind.com
Domaintools.com
Dnsstuff.com
Grc.com – Shields Up
If you are not comfortable regarding these steps, find a computer-savvy friend.
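An added example (not from the presentation) of what to do with the Netstat step above: it parses a constructed sample of `netstat -ano` output from the Windows command prompt and flags the process IDs a home user should look up in Task Manager, namely established connections to non-local addresses on unexpected ports and listeners on high ports. The sample rows and the EXPECTED_REMOTE_PORTS set are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of `netstat -ano` output (Windows); not taken from the slides.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.20:49711     203.0.113.45:6667      ESTABLISHED     5120
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     2044
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1340
"""

# Address ranges local to the machine or the home LAN; anything else is treated as remote.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
# Remote ports a home PC normally talks to (DNS, web, mail); an assumption for this example.
EXPECTED_REMOTE_PORTS = {53, 80, 443, 465, 587, 993, 995}


@dataclass
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int


def split_endpoint(ep):
    """'192.168.1.20:49711' -> ('192.168.1.20', 49711); '[::]:135' -> ('::', 135); '*:*' -> ('*', 0)."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else 0)


def parse_netstat(text):
    """Turn the textual netstat table into Conn records, skipping headers and blank lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        lip, lport = split_endpoint(parts[1])
        rip, rport = split_endpoint(parts[2])
        state = parts[3] if len(parts) == 5 else ""   # UDP rows have no State column
        conns.append(Conn(parts[0], lip, lport, rip, rport, state, int(parts[-1])))
    return conns


def is_local(ip):
    if ip in ("*", ""):
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def triage(conns):
    """Return (pid, reason) pairs worth a closer look in Task Manager or `tasklist`."""
    findings = []
    for c in conns:
        if c.state == "ESTABLISHED" and not is_local(c.remote_ip) \
                and c.remote_port not in EXPECTED_REMOTE_PORTS:
            findings.append((c.pid, f"outbound {c.proto} to {c.remote_ip}:{c.remote_port}"))
        if c.state == "LISTENING" and c.local_port >= 1024:
            findings.append((c.pid, f"listening on {c.proto} port {c.local_port}"))
    return findings


if __name__ == "__main__":
    for pid, reason in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(f"PID {pid}: {reason}")
```

On a real machine, pipe the output of `netstat -ano` into `parse_netstat` and look up each flagged PID in Task Manager; the findings are leads to check, not proof of compromise.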

Page 25

Vigilance is the key.

Page 26

Computer Security Issues Mailing List

I keep a personal mailing list to which I send out security issues from time to time (latest scams, new viruses, etc.).
If you want me to add you, send an email to [email protected].
If you think of a question I did not answer here, feel free to contact me.

Page 27

Thank you

SSA Darren J. Mott
[email protected]