PPT Slides by Dr. Craig Tyran & Kraig Pencil
Quotable
“Maybe we should have given him a bicycle.”
--Ed Darden, of Atlanta, who gave his son Frank, 16, a computer for Christmas. Frank [Legion of Doom] later was arrested for hacking into a phone system, threatening service throughout the Southeast.
http://neil.franklin.ch/Jokes_and_Fun/Computer_Quotes
• Department of Justice up 22%
• Median dollar loss on complaints: $575
• Total dollar loss: $559,700,000.
• Many crime categories, including: auction fraud, non-
• You have to trust someone, but …
– Insiders account for much of “lost” data
• “stolen credentials have become the most common way attackers gain access to enterprises. But the credentials were rarely stolen using sophisticated methods. Instead, malicious insiders were involved in 48% of cases -- a 26% increase vs. last year -- and in some cases, freely revealed their administrative passwords, enabling attackers easy access to sensitive data” (SearchSecurity.com: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1517422,00.html)
C. IS Security – The Players
Hackers: people who break into computers and computer networks
1. White-hat hackers
… hobbyists who follow “hacker code”; curious, not malicious
… or professional consultants who find security holes in the client’s own systems: perform penetration tests and vulnerability assessments
2. Black-hat hackers // Crackers
• Cyber vandals; cause trouble for fun
• Commit premeditated cyber crime, steal information, $$, etc.
3. Hacktivist – Politically or socially motivated hacker
– Site defacing
– Denial-of-Service (DoS) attack
4. Cyberterrorist – deliberate, large-scale disruption of computer networks
Kevin Mitnick – superstar of hacking
• Active 1980 – 1995
• Never profited or caused damage
• 5 years in prison (8 months in solitary confinement)
• “Social engineering” specialist: “no patch for stupidity”
• Now a well-paid security consultant, speaker, writer
Vladimir Levin – Russian
• Transferred $10.7 million from Citibank accounts
• Captured in London, transferred to US, convicted/sentenced to 3 years
• Citibank managed to recover 95% of the funds
Adrian Lamo 2002-2004
• Victims: Yahoo!, Citigroup, Cingular, NY Times
• “Homeless hacker” was also helpful. Unauthorized penetration testing. Voluntarily informed some victims of their security weaknesses.
• Arrested/Convicted/Ordered to pay $65,000 to NY Times
Robert Alan Soloway – the “Spam King”
• 2008: 47 months in federal prison, and $700,000 restitution
• $7.8 million civil judgment awarded to Microsoft.
Others: Stephen Wozniak (blue boxes), Tim Berners-Lee (Oxford)
E. IS Security – Ways to address/combat security risks
6. Hire a good hacker
• Break into your system and/or provide advice
• Help you identify security holes
U.S. HIRED HACKER TO DETECT DIGITAL SPYING BY EMPLOYEES
WASHINGTON, D.C. – In the cyber age, there are few things so damaging as a determined insider with the right passwords.
The Defense Department hired a former hacker to lead a research program to detect digital spying by employees. Peiter Zatko is in charge of Cyber Insider Threat program at the Defense Advanced Research Projects Agency, or DARPA. “I’ve played both offense and defense.”
His program is years away from any deployable solutions. In the meantime, the WikiLeaks releases show that the Pentagon failed to take basic steps to protect sensitive information, such as detecting and preventing unauthorized downloads.
MCCLATCHY, November 30, 2010
Redacted by Kraig Pencil
E. IS Security – Ways to address/combat security risks
6. Hire a good hacker
Kevin Mitnick – a busted hacker …
Emerges from prison and begins career as an IS Security consultant, writes a book
A Parting Thought …
The most likely way for the world to be destroyed, most experts agree, is by accident. That’s where we come in; we’re computer professionals. We cause accidents.