Why vigilance is our best Protection against Cyber Crime
May 08, 2015
Why vigilance is our best Protection
against Cyber Crime
The ability to download hacking tools means that a determined 12-year old with some basic computer skills can become not only a successful hacker but can actually make money from stealing on the internet.
For the more advanced wannabe, there are cyber crime black markets that sell personal data, credit card information, tools, passwords, and successful exploits.
In addition to that, criminals can rent “bot-nets” (a list of compromised and infected computers all over the Internet) from the cyber-criminal underworld. They can even purchase complete online stores to collect personal information or to sell bogus products.
Wannabe Cyber Criminals can post resumes and apply for cracking or hacking jobs, or apply to join Cyber Criminal Gangs
This is the world we live in
A little History of Technology in Crime
Crime is exponential.
In the old days it was Mano au Mano - one person stealing from one person.
We then added stage coaches, trains and banks one person stealing from a number of people.
The Sony hack in 2011 was one person or a small group of people stealing from 70 million people.
Mobile phones and pagers
The normal criminals were using these long before normal business people, Doctors and senior Management.
In the 1990’s one Mexican cartel and its drug lord were so annoyed at being targeted by law enforcement that they created their own complete mobile phone system
Phone towers in all 31 States,Mobile phones and their own SIM cards
The Mumbai terrorist attack (Raj hotel 2008)
Why did it take so long to catch the terrorists?
They had help!
They had the normal things, Guns and Bombs,
They also had GPS, Encrypted mobile phones and night vision goggles
They also had an Operations centre in Pakistan, telling where the good guys were and feeding critical information to them in real time
Meanwhile in Cyber Space
AndroidsIn its endeavour to beat the Apple IPhone, Google released the android operating system
September 2008 it was released to the world on HTC’s Dream
The android market went live at the same time selling everything from games to Apps for the android device
AndroidPeople started using the Android market and downloading apps and games for their devices
In the first month 50,000 banking apps were downloaded.
All were fake!
Even TodayDownload a flashlight app from either android and IOS
75% have a malware component
Seems to be the easiest app to get through the vetting process
If it asks you if it can access your location service then there is a good chance that it is bad for your phone
Why do you need a location service for a light?
A criminal organisation in the Ukraine set itself up as a marketing company:
Selling software and websites – Russian Brides, the FBI virus, all were malware infected
The Bad guys are so sophisticated - in 2012
Had all of the correct staffing in the office
including a call centre which could talk you through the process of sending them money to purchase their “Software” or sign up for a Bride.
They had Legitimate offices and payed taxes
Only about 5% of the people knew they were doing something illegal and most of them were not Management.
They generated 500 Million Euros in revenue in the first 12 months of operations
Actually the bad guys are here, right now!!!
The bad guys are smart, persistent, well educated in computer systems and know what they are doing
They are developing more and more sophisticated ways of gaining access to your systems and information
What do they want
• They want your Money
• They want everyone's information.
• They want your Ideas and Intellectual Property
The cost to everyone
• 2 trillion dollar industry – world wide
• There are unaccountable number of lives destroyed
• The actual loss of intellectual property cannot be measured
How do they do it!
They use Viruses, malware, spyware, ransom ware, RATs (remote access Trojans) and focused hacking attacks
They have sophisticated command and control systems
Use and create Bot nets
They use sophisticated encrypted communications systems
They rent cloud space, super computer cycles and bot nets – with a stolen credit cards of course
Paid in Bit coins (a supposedly untraceable finite internet based money)
Everyone is a target
If that doesn’t work they use social engineering and industrial espionage:
They put infected USB drives in car parks,
They swap out DVD’s and CD’s from Magazines
They use targeted Spear phishing attacks
I consider the internet the most dangerous place in the world
Its like walking down a dark alley in the worst part of your town or city, with your hands and feet shackled, you wallet full of money, credit cards and personal information and a big sign saying “ROB ME”
Why are we so vulnerable on the internet?
For some reason normal human checks and balances go out the window
They get round your defences in unpredictable ways
We all want to trust someone so they use our trusting nature against us
That’s what it all comes down to:Trust
Normally we use all of our senses when you meet someone– Sight– Sound– Touch– Taste– Smell
You often hear I didn’t like him, or I had a funny feeling about her.
The internet is all about trust
On the internet – sight is the only sense that we rely on
That can be skewed in so many ways.
How do you know that the person you are talking to on the internet is who they say they are
Was it her or is it this guy?
On the internet we rely on reputation, information from others to build that trust.
If you are purchasing something from Amazon?Do you check the sellers reputation. • How many things they have sold, • is there any outstanding complaints, • are the goods guaranteed!
When purchasing on the internet do you check the address, phone number?
Cybersecurity is MY problem.
Cybersecurity is MY problem. I have to look at it in that context. Cybersecurity is MY problem, I am the Master of my own destiny.
Cybersecurity is MY problem and If I want protection, I have to be the one protecting.
Cybersecurity is MY problem and I have to protect myself and not rely on others to do that for me.
What are the basics to protect yourself
Use Strong passwords – do not use a word, use a phrase with spaces in it
Use Unique passwords – do not use the same password on more than one account
Use the newest operating system and applications you can afford and keep them updated
Use a good Anti Virus – Buy one if you cannot afford to buy one use a reputable free one.
Be paranoid – on the internet paranoia is not a state of mind everyone is out to get you
Use Common sense – if its too good to be true then it is a trap. If its free then its not.
Awareness is the key to protecting yourself
Build up your cyber security awareness
Need Help?Go to www.securitypolicytraining.com.au and sign up for the basic cyber security awareness course.
This code Slideshare1 will allow the first 10 people to do the course for free
If all of the free ones are gone use Slideshare2 for a 40% discount
The only constant we have is change