2007 Colorado Digital Government and Cyber Security Summit
September 18, 2007
Mark Weatherford
Chief Information Security Officer
State of Colorado
The Cyber Security Threatscape & the Colorado Response
Copyright Mark Weatherford 2007
Dec 25, 2015
Agenda
• The Cyber Security Threat
• The Cost of Insecurity
• BOTS, BOTNETS, BOTHERDERS – it’s not a foreign language
• Dumb things USERS (still?) do
• What we are doing in Colorado State Government
State reports mass identity record theft
Employees are warned to track their credit scores after the disclosure
By Ima [email protected]
Tuesday, September 18, 2007 - Denver, Colorado 8:06:18 AM MDT
State Attorney General Barney Rubble said federal authorities notified his office of the theft in January but asked that the information be withheld while an unrelated cyber crime investigation was ongoing. In letters sent yesterday, state officials warned Colorado Government Employees Association and United Public Workers members whose names were on the stolen list or who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 that they could be at risk of identity theft.
Records containing the names, Social Security numbers and birth dates of more than 40,000 individuals were illegally reproduced at a copying business sometime before January while they were waiting to be put onto a compact disc for the state.
IDENTITY THEFT HELP
» State Employees can call a hot line to get more information on the records theft at 543-0073.
Article URL: http://denverposte.com/2006/04/14/news/story01.html
© 1996-2006 The Denver Poste | www.denverposte.com
HOAX
Tools of the Trade
Do a Google search on “Hacking Tools.” As you can see here, in 0.18 seconds there were 26.5M hits.
The Threat in Context
[Chart: Potential Damage (Low to High) plotted against Probability of Occurrence (Low to High) for the years 2000, 2003 and 2007; threat actors shown: Hacker, Criminal, Espionage, Terrorist, State Sponsored, Jihadists, Mobsters]
• 2006 – Veterans Administration laptop with personal information on 26.5M veterans is stolen. “Total losses could top $500M.” – VA Secretary Nicholson
• Hackers stole data from at least 45.7 million credit and debit cards at retailer T.J.Maxx – total costs could exceed $1.0B
• California’s Health and Human Services Agency will spend $691,000.00 to notify 1.4 million people that their personal information may have been stolen in an August attack on a computer belonging to the University of California – Berkeley.
• Hackers “data mining” results in a $7,000,000.00 computer security upgrade in the state of Alaska. The attack resulted in a $41M proposal for additional upgrades over the next five years. – Anchorage Daily News
The Cost of Insecurity
• If you think the Internet neighborhood is safe…you’re WRONG!
• Hackers are looking for YOU and want to take advantage of YOUR organization!
• Hackers used to look for the big hit for notoriety in the Black Hat community
• No More! It’s all about the money!
• Mob. Terrorists. Criminals.
The Neighborhood has Changed
• It’s a battleground out there
• And a business:
– Overtly advertise criminal activity to maximize profits
– Extortion
– Gambling site Denial Of Service attack can cost up to $50,000 a day to be off-line
• Serious Stuff
– Some experts won’t even talk publicly for fear of family safety
BOTS and BOTNETS
• A BOT is a compromised computer (called a zombie) and a BOTNET is a collection of zombies that have been infected with remote-control software.
Evil Botherder
BOTs – the next Killer App?
A BOTNET is an infrastructure for criminals to commit crime and make money by:
• Spamming
• DDoS
• Phishing Attacks
• Worms
• Sniffing Passwords
• Keystroke Logging
• ID theft
• Hosting Illegal Software
Who’s the Botherder?
• Ruthless Hackers who infect, control, buy, and sell BOTNETS.
• Digital Gang warfare – mostly from Russia, Eastern Europe, Brazil, and Asia
• Steal each other’s infected computers
• Knock each other’s BOTNETS off-line
• Use stolen A/V software to stop all attacks except their own on their infected computers.
Identity Theft
• Fastest growing crime in America
• Big Business
– Average cost of a Data Breach: $182.00 per lost record
– 2006 – average cost per company: $4.8M ($226,000 - $22,000,000)
• Typical Cause
– Stolen laptops
– Compromised Databases
– Lost Back-up Tapes
– Mismanaged email
- Ponemon Institute
Old News . . . but it still works!
From: Peter Wallace [[email protected]]
Sent: Sunday, September 12, 2007 12:53 PM
Subject: Classified-Proposition

HELLO FRIEND,

PLEASE BEAR WITH ME FOR NOW AND DO NOT ASK MY NAME.

WHAT I HAVE MAY BE OF INTEREST TO YOU. IT IS A BUSINESS PROPOSAL THAT WILL BE BENEFICIAL TO YOU AND I. I LIVE IN LONDON, UNITED KINGDOM. I AM 51 YEARS OLD AND I HAVE BEEN WORKING IN A BANK IN LONDON FOR THE PAST 17 YEARS WHERE I AM PRESENTLY AN ACCOUNTS MANAGER. I WILL GIVE YOU MY FULL DETAILS ON YOUR REPLY TO THIS LETTER. MY AIM OF CONTACTING YOU IS TO SOLICIT YOUR CO-OPERATION AND ASSISTANCE BASED ON ONE OF THE ACCOUNTS UNDER MY MANAGEMENT CONTAINING $18.5 MILLION (EIGHTEEN MILLION & FIVE HUNDRED DOLLARS) WHICH HAS REMAINED DORMANT FOR THE LAST TWELVE YEARS.

THIS ACCOUNT WAS OWNED BY THE LATE MRS. JOVITA JASMINE CARERRA AND FOLLOWING MY INVESTIGATION, I FOUND OUT THAT SHE DIED ON MAY 1992 VIA A CAR CRASH IN THE BAHAMAS AND SHE LEFT NO CHILDREN OR NEXT OF KIN.

I WILL INFORM YOU MORE ON HOW WE CAN GET THE MONEY IN HER ACCOUNT TRANSFERRED INTO YOUR ACCOUNT IF YOU AGREE TO CO-OPERATE WITH ME ON THIS ON YOUR REPLY TO THIS MAIL.

I WILL ALSO GIVE YOU MORE PERSONAL DETAILS OF ME AND THE TRANSACTION ON YOUR REPLY.

PLEASE TREAT THIS AS CONFIDENTIAL, URGENT AND OF UTMOST IMPORTANCE.

PLEASE RESPOND ONLY VIA: [email protected]
Example of a Hacker Tool
The following two screens demonstrate the capabilities of Back Orifice.
• The first screen shows a pop-up message a hacker sent to a victim.
• The second screen shows the view from the victim’s camera as he received the message.
Dumb Things Users (Still) Do (2)
• Installing unauthorized applications
• Turning off or disabling automated security tools
• Saving sensitive and private data where it doesn’t belong – memory sticks, laptops, etc.
• Surfing to gambling, pornographic, or other legally risky websites
• Sharing passwords
• Attaching to untrustworthy public WiFi networks
• Filling out on-line forms or registration pages
• Chat rooms and social networking sites
HB06-1157–IT Security in Public Agencies
HB 06-1157 signed in June 2006. The legislation established the Colorado Information Security Act with the following provisions:
• Created the Chief Information Security Officer (CISO)
• Created the Colorado Cyber Security Program (CCSP)
• Required Security Policies as Rules
• Required a Plan of Action and Milestones (POAM) with a three (3) year phase-in period
Colorado Cyber Security Program
What are we doing?
– Enterprise Cyber Security Policies
– Incident Response Program
– Critical System Inventory - Risk Based Gap Analysis
– Laptop Encryption Project
– Intrusion Detection System (IDS) Deployment
– Firewall Management and Monitoring
– Security Event Management – Centralized Log Collection
– Threat and Vulnerability Assessment - WASP
– Cyber Security Training and Awareness
– Information Security Operations Center (ISOC)
Colorado Outreach
• Multi-State Information Sharing and Analysis Center (MS-ISAC)
• Colorado Government Association of Information Technology (CGAIT)
• Colorado Information Managers Association (CIMA)
• Incident Response Summits
• Cyber Security Advisories
• Cyber Storm II