Vigilance is our best protection against cyber crime

Why vigilance is our best Protection

against Cyber Crime

The ability to download hacking tools means that a determined 12-year old with some basic computer skills can become not only a successful hacker but can actually make money from stealing on the internet.

For the more advanced wannabe, there are cyber crime black markets that sell personal data, credit card information, tools, passwords, and successful exploits.

In addition to that, criminals can rent “bot-nets” (a list of compromised and infected computers all over the Internet) from the cyber-criminal underworld. They can even purchase complete online stores to collect personal information or to sell bogus products.

Wannabe Cyber Criminals can post resumes and apply for cracking or hacking jobs, or apply to join Cyber Criminal Gangs

This is the world we live in

A little History of Technology in Crime

Crime is exponential.

In the old days it was Mano au Mano - one person stealing from one person.

We then added stage coaches, trains and banks one person stealing from a number of people.

The Sony hack in 2011 was one person or a small group of people stealing from 70 million people.

Mobile phones and pagers

The normal criminals were using these long before normal business people, Doctors and senior Management.

In the 1990’s one Mexican cartel and its drug lord were so annoyed at being targeted by law enforcement that they created their own complete mobile phone system

Phone towers in all 31 States,Mobile phones and their own SIM cards

The Mumbai terrorist attack (Raj hotel 2008)

Why did it take so long to catch the terrorists?

They had help!

They had the normal things, Guns and Bombs,

They also had GPS, Encrypted mobile phones and night vision goggles

They also had an Operations centre in Pakistan, telling where the good guys were and feeding critical information to them in real time

Meanwhile in Cyber Space

AndroidsIn its endeavour to beat the Apple IPhone, Google released the android operating system

September 2008 it was released to the world on HTC’s Dream

The android market went live at the same time selling everything from games to Apps for the android device

AndroidPeople started using the Android market and downloading apps and games for their devices

In the first month 50,000 banking apps were downloaded.

All were fake!

Even TodayDownload a flashlight app from either android and IOS

75% have a malware component

Seems to be the easiest app to get through the vetting process

If it asks you if it can access your location service then there is a good chance that it is bad for your phone

Why do you need a location service for a light?

A criminal organisation in the Ukraine set itself up as a marketing company:

Selling software and websites – Russian Brides, the FBI virus, all were malware infected

The Bad guys are so sophisticated - in 2012

Had all of the correct staffing in the office

including a call centre which could talk you through the process of sending them money to purchase their “Software” or sign up for a Bride.

They had Legitimate offices and payed taxes

Only about 5% of the people knew they were doing something illegal and most of them were not Management.

They generated 500 Million Euros in revenue in the first 12 months of operations

Actually the bad guys are here, right now!!!

The bad guys are smart, persistent, well educated in computer systems and know what they are doing

They are developing more and more sophisticated ways of gaining access to your systems and information

What do they want

• They want your Money

• They want everyone's information.

• They want your Ideas and Intellectual Property

The cost to everyone

• 2 trillion dollar industry – world wide

• There are unaccountable number of lives destroyed

• The actual loss of intellectual property cannot be measured

How do they do it!

They use Viruses, malware, spyware, ransom ware, RATs (remote access Trojans) and focused hacking attacks

They have sophisticated command and control systems

Use and create Bot nets

They use sophisticated encrypted communications systems

They rent cloud space, super computer cycles and bot nets – with a stolen credit cards of course

Paid in Bit coins (a supposedly untraceable finite internet based money)

Everyone is a target

If that doesn’t work they use social engineering and industrial espionage:

They put infected USB drives in car parks,

They swap out DVD’s and CD’s from Magazines

They use targeted Spear phishing attacks

I consider the internet the most dangerous place in the world

Its like walking down a dark alley in the worst part of your town or city, with your hands and feet shackled, you wallet full of money, credit cards and personal information and a big sign saying “ROB ME”

Why are we so vulnerable on the internet?

For some reason normal human checks and balances go out the window

They get round your defences in unpredictable ways

We all want to trust someone so they use our trusting nature against us

That’s what it all comes down to:Trust

Normally we use all of our senses when you meet someone– Sight– Sound– Touch– Taste– Smell

You often hear I didn’t like him, or I had a funny feeling about her.

The internet is all about trust

On the internet – sight is the only sense that we rely on

That can be skewed in so many ways.

How do you know that the person you are talking to on the internet is who they say they are

Was it her or is it this guy?

On the internet we rely on reputation, information from others to build that trust.

If you are purchasing something from Amazon?Do you check the sellers reputation. • How many things they have sold, • is there any outstanding complaints, • are the goods guaranteed!

When purchasing on the internet do you check the address, phone number?

Cybersecurity is MY problem.

Cybersecurity is MY problem. I have to look at it in that context. Cybersecurity is MY problem, I am the Master of my own destiny.

Cybersecurity is MY problem and If I want protection, I have to be the one protecting.

Cybersecurity is MY problem and I have to protect myself and not rely on others to do that for me.

What are the basics to protect yourself

Use Strong passwords – do not use a word, use a phrase with spaces in it

Use Unique passwords – do not use the same password on more than one account

Use the newest operating system and applications you can afford and keep them updated

Use a good Anti Virus – Buy one if you cannot afford to buy one use a reputable free one.

Be paranoid – on the internet paranoia is not a state of mind everyone is out to get you

Use Common sense – if its too good to be true then it is a trap. If its free then its not.

Awareness is the key to protecting yourself

Build up your cyber security awareness

Need Help?Go to www.securitypolicytraining.com.au and sign up for the basic cyber security awareness course.

This code Slideshare1 will allow the first 10 people to do the course for free

If all of the free ones are gone use Slideshare2 for a 40% discount

The only constant we have is change