ABC of Digital Security Marek Suczyk April 13, 2011
8/7/2019 OSAC/AmCham Country Council Meeting in Kraków 2011. ABC of Digital Security
http://slidepdf.com/reader/full/osacamcham-country-council-meeting-in-krakow-2011-abc-of-digital-security 1/29
Cyberworld
United States
» 239.2 million Internet users (77.3% of the American population)
[Chart: percentage axis from 0% to 90%; years 2000, 2005, 2007, 2010]
Source: http://www.internetworldstats.com; July 1, 2010
Cyberworld
Poland
» 22.5 million Internet users (58.4% of the Polish population)
[Chart: percentage axis from 0% to 70%; years 2000, 2005, 2007, 2010]
Source: http://www.internetworldstats.com; July 1, 2010
So what? What does it mean for me?
Two worlds
Am I secure?
Your system is as strong as its weakest link
“I didn’t break systems, I broke people.”
Internet threats
1. Malicious software (malware)
Infectious malware
» Computer viruses
» Computer worms
Concealment
» Trojan horses
» Backdoors
For profits
» Spyware
» Keystroke logger
» Dialer, etc., etc...
Hackers or criminals?
90’s
» Hacking for fun, entertainment and recognition
» Internet hooligans
Today
» Well organized and managed groups
» Often politically motivated
» Earning huge amounts of money
2. Phishing
and fake landing page
Typosquatting
» Original page: www.millennium-online.pl
» Fake landing page could be:
– www.milennium-online.pl (one ‘l’)
– wwwmillennium-online.pl (w/o dot)
– www.millennium-0nline.pl (zero instead of ‘o’)
– Etc.
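Added example (not part of the original slides): a defensive check that classifies hostnames seen in proxy or mail logs against one protected hostname, covering the three look-alike kinds listed on the slide. The function names, the `CONFUSABLE` table and the sample host list are assumptions constructed for illustration.

```python
# Added example: classify observed hostnames against one protected hostname.
# CONFUSABLE and SAMPLE_HOSTS are constructed for illustration, not exhaustive.
PROTECTED = "www.millennium-online.pl"  # the original page named on the slide
CONFUSABLE = {"0": "o", "1": "l", "5": "s"}
SAMPLE_HOSTS = ["www.millennium-online.pl", "www.milennium-online.pl",
                "wwwmillennium-online.pl", "www.millennium-0nline.pl",
                "www.example.pl"]

def fold(host):
    """Lower-case, drop a trailing dot, fold look-alike digits to letters."""
    host = host.strip().lower().rstrip(".")
    return "".join(CONFUSABLE.get(c, c) for c in host)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, protected=PROTECTED):
    """Return 'exact', 'homoglyph', 'missing-dot', 'typo' or 'unrelated'."""
    h = host.strip().lower().rstrip(".")
    p = protected.lower()
    if h == p:
        return "exact"
    if fold(h) == fold(p):
        return "homoglyph"      # e.g. zero instead of 'o'
    if p.startswith("www.") and h == "www" + p[4:]:
        return "missing-dot"    # 'www' glued to the name
    if osa_distance(fold(h), fold(p)) <= 1:
        return "typo"           # e.g. one 'l' dropped
    return "unrelated"

def flag_lookalikes(hosts, protected=PROTECTED):
    """Return (host, reason) for every host that imitates `protected`."""
    results = [(h, classify(h, protected)) for h in hosts]
    return [(h, r) for h, r in results if r not in ("exact", "unrelated")]
```
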
3. Naiveness
259 723 visits in 6 months
409 “victims”
...with an investment of 17 Euro
4. Virtual friends
Do you know who is on the other side...?
5. Social networking
Golden rules
Use recent updates of your OS and security software
Do NOT turn off your self-preservation instinct
Behave as you do in real life
Have limited trust in a “virtual friend”
Remember that you are not anonymous on the Internet
ENJOY the Internet but be aware of what can happen
Digital format threats
Methods of physical data transport
Electronic cards
How to make a counterfeit card?
Or buy it?
American credit card
» with CVV $2.11
» w/o CVV $0.53
Non-American cards
» with CVV $2.64
» w/o CVV $1.06
Source: CERT report 2010
Golden rules
Protect your digital data carriers
Use PINs and passwords where possible
Protect your PINs and passwords well
End of the life-cycle of your computer
Kroll Ontrack experiment
Purchase of 100 used hard drives on the Internet
Data Recovery
Found:
» 118 documents with confidentiality clause
» 18 364 personal data records
» 3 complete marketing strategies
» 12 company budgets
» 687 various business contracts
Do you use a shredder?
Do you really delete your computer data?
“Delete” does NOT erase your data
System Format does NOT erase your data
Reinstallation of your Operating System does NOT erase your data
A hammer does NOT delete your data...
Golden rules
Use professional software to delete your sensitive data
Use a degausser to destroy your hard drives effectively
Questions?
THANK YOU
Marek Suczyk
Managing Director at Kroll Ontrack Poland