Embed Size (px)
Citation preview
TechnologyA Blessing or a Curse
Richard C. LaMagnaLaMagna and Associates, LLC
Agenda
• Adoption of Digital Technology• Various types• Widespread use• Good uses• Examples• Cybercrime• Impact of Cybercrime• Case studies• Future
The Information Age
Information is not knowledge ~Albert Einstein
The Internet is becoming the town square for the global village of tomorrow ~ Bill Gates
Technology Adoption
tel. PC cell Inter
Telegraph The “Victorian Internet”
Internet
• 2B+ Internet users worldwide; penetration rate 30%¹
• 2012 U.S. Internet use ~240 M ---76% of population
• Average American 60 hours/mo (30 days/yr) online– 22% time SN sites– 42% search content– 36% email, shop, other²
¹www.itu.int²Pew Research Center, Internet and American Life Project May 2011
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 20120%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
78%
97%
74%
91%
54%
77%
20%
53%
18-29 30-49 50-64 65+
= 94% for all 18-49
= 2.6x increase
Internet Use by Age Group
Pew Research Center, Internet and American Life Project May 2011
June 2000
April 2001
March 2002
March 2003
April 2004
March 2005
March 2006
March 2007
April 2008
April 2009
May 2010
Aug 2011
April 2012
0%
10%
20%
30%
40%
50%
60%
70%
80%
34%41% 38% 37%
30%28%
23%
15%10%
7% 5% 3% 3%
3%
6%11%
16% 24%
33%42%
47%55%
63% 66%62% 66%
Dial-up Broadband
% of American adults age 18+ have high-speed broadband connection at home
Home Broadband
Mobile and Smartphones
Mobile and Smart Phones
• Globally >5B mobile users; penetration 76%¹• U.S. mobile Internet users ~ 114M up 17% since 2011• All U.S. mobile users 242.6M• Mobile buyers 37.5M• Smartphone users 106.7M in 2012, up 18.4% one year• 45% of U.S. adults own smartphones• 94% of smartphones users 2012 are mobile internet users• Smartphone shoppers 68.6M²
¹www.itu.int ²www.bloghubspot.com
April 2006 Dec 2007 April 2008 April 2009 May 2010 May 2011 April 20120%
20%
40%
60%
80%
100%
73%
88%
68%
58%
30%
61%
0.35
0.46
0.02
0.18
0.03
Cell phone (general) Desktop LaptopSmartphone E-reader Tablet
% of American adults age 18+ who own each device
Laptops > desktops
Smartphones > cell phones
Tablet ownership up 6x in two years
Mobile Devices
Pew Research Center, Internet and American Life Project May 2011
Cell phones
% of adult cell owners who use their phones to…
Take pict
ures
Send/re
ceive
text
msgs
Access
the in
ternet
Send/re
ceive
Record
video
Download ap
ps0
0.2
0.4
0.6
0.8
1
Sept 2009May 2011March 2012
How Cell Owners Use Them
Pew Research Center, Internet and American Life Project May 2011
Social Media (SM)• Globally > 1B SM users¹
• 65% U.S. adult Internet users use SM sites, MySpace, FaceBook, LinkedIn etc.
• 89% women (18-29) use SM sites daily
• Young adults daily use steady 61%¹
• Baby Boomers (50-64) daily use up 60% to 32%
• 87% of Fortune 100 use Social Media²
• 79% of Fortune Global 100 have branded YouTube Ch.³
¹Nehan Gupta, Gartner Research²Pew Research Center, Internet and American Life Project May 2011³Burson Marstellar Survey
2005 2006 2008 2009 2010 2011 20120%
20%
40%
60%
80%
8%
16%
29%
46%
61%65% 66%
2%
9%13%
27%
38%43%
48%
Ever Typical day
% Adult Internet Users Who Use SN Sites Like Facebook, LinkedIn or Google+
Pew Research Center American Life Project May 2011
Security
Security is… our top priority because for all the exciting things you will be able to do with computers.. organizing your lives, staying in touch with people, being creative.. if we don't solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.~ Bill Gates
Top Cyber Threats in 2011
Worms/virusMalicious websitesProbes and scamsMulti-protocol Brute ForceSequel injectionTrojan access attemptsUnauthorized accessBotnetsDDOS
IBM Monitoring of 13B events /day
Victims
• CIA• IMF• Citibank• Sony• Google• RSA• Lockheed Martin
• NasDaq• Stratfor• Visa• MasterCard• PayPal• Harvard• U.N.
Threats on the Rise
Malware
Worms
Viruses
Trojans
Root-kits
Spy-ware
Adware
Verizon 2011 Data Breach Report
2004-07 2008 2009 2010 20110%
10%20%30%40%50%60%70%80%90%
100%
Threat Agents by % breaches
External Internal Partner
Scope
88% Fortune 500 companies detected botnets
60% corporate email compromised
54% had viruses and malware¹
6M new malware strains ID-ed Q1 2011; 26% increase²
69% adults online have been victimized
Norton Data Breach Report 2011¹ ; McAfee Q1 Threat Report²
Cost of Cybercrime
Norton 2012 Cybercrime Report¹ R.Fisher, Int’l Assessment & Strategy Center Congress Testimony April 15, 2011²Symantec/Ponemon Institute 2012 Report³
$110B cost of global Cybercrime past year ¹
$274B add cost of lost time/ productivity
$ 200B Cyber espionage costs U.S.---mostly PRC ²
$7.2M to $5.5M --average data breach cost down ³
20% of companies spend <1% of budget on information security
Nature of Attacks
96% not complex
94% compromised servers
85% took weeks to discover
92% incidents discovered by 3rd
party
97% avoidable with simple measures
96% not compliant with PCI Standards
Verizon Data Breach 2012 Report
Mobile Devices•SM
S phishing increasing-no filters
•Users more likely to respond to phishing scams¹
Attacks on smart phones on increase; BYOD
greater risk
•Malware targeting Android up by 400%²
•10% adults experienced Cyber crime on mobile device
Mobile malware up 93% from 2010 to 2011
•85% users do not use security software
•81% of people surveyed use personal/ mobile devices for work
Laptops, smartphones, 34% of data breaches
2011
Norton 2011 Cybercrime Report¹; Juniper Networks²
Social Media (SM)
Global Survey of Social Media Risks Ponemon Inst. 2011
60% employees use SM for personal 30
minutes/day
42% use SM for work SM attack vector growing risk
52% orgs increase in malware re: SM use
“My greatest fear… is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese… billions of dollars on R&D and that information goes free to China…After a while you can’t compete.”Richard Clarke, former White House Cyber Czar, Smithsonian Interview April, 2012
IP Theft and Espionage
Advanced Persistent Threats (APTs)- target
corporate infrastructure
Once inside system go undetected to
steal IP
80% of lost data due to malware1
Targeted attacks replace email
barrage ²
Social engineering exploits behavior
Pattern of attacks traced to China
1 Verizon USSS 2010 Data Breach Report
2 Symantec 2010 survey of Skeptic Malware Detection System
Chinese Cybertheft Operations
• Operation Aurora 2009 – Exploited zero-day flaw in IE; installed Trojan, went after source
code repositories
– Evidence traced to China and Taiwan¹
– Targets Google, Adobe, Juniper, Yahoo, Symantec, DuPont Dow, Morgan Stanley, Northrup Grumman and others
– Exposed by hacktivist group when they released 60,000 emails of HB Gary security firm
– Damage in the $100s millions
¹New Clues Draw Stronger Chinese Ties to ‘Aurora” Attacks, KrebsonSecurity.com
Chinese Cybertheft Operations
• Operation Night Dragon 2009– Used Trojans to attack company servers; use RATs to
remove information– Targeted oil, energy and petrochemical sectors
• Operation Shady RAT (Remote Admin Tool)– Five year op started 2006 targeted 70+ global
companies/orgs– Governments, industry, energy, technology, NGOs– Single largest intell gathering effort since Cold War
Case Studies
• Wikileaks revealed massive Byzantine Op. started 2006 target sensitive data
• “Byzantine Candor” linked to PRC military stole sensitive information from >20 organizations
• One company lost 10 years’ $1B worth research in one night
• July 2012 Chinese hacked into computer of EU Council President Herman Van Rompuy during crisis in Greece– Eleven other EU officials’ computers hacked
Who Are They?
Techno-groupies
Digital Gangs
Aggrieved Individuals
CriminalsHactivists
Script Kiddies
State-sponsored
hackers
Hacktivists
•DOJ shut down MegaUpload file sharing operation
•$40 M assets frozen by Hong Kong Customs & Excise
Jan. 2012 attacked RIAA, CBS.com other pro-Stop Online Piracy Act (SOPA)
organizations
•100’s of well organized gangs
•Motivated by resentment or politics
•Distributed Denial of Service (DDOS), spam, phishing, malware attacks
Emerging “digital gangs” and “aggrieved
individuals”
Mark Weber Tobias blog
Now people are leaking to Anonymous and they’re not coming to us with this document or that document or a CD, they’re coming to us with keys to the kingdom, they’re giving us the passwords and usernames to whole secure databases. … The world needs to be concerned.
Christopher “Commander X” Doyon (Anonymous) Interview Montreal Gazette May 14, 2012
Anonymous
Anonymous Attacks
Billions $ damage to corporations, banks,
gov’t agencies
FBI, CIA; Op. Payback
Stole Sony PS data for over 75M user
accounts
Retaliation for DOJ v. George Hotz for
PS3 hack
Hard to ID and stop them; international
operators
HB Gary Federal, RSA (cost $55M)
Trends
•Company secrets
•R & D data
Cybercrime continues rise beyond financial to IP and
other targets
•50% of employees will fall for phishing ruse¹
•More attacks happening on social networking sites
Target individuals in key positions; spear phishing
and spyware
•80% of employees use personal devices for work
•155% growth in malware targeting mobile devices in 2011²
Target mobile devices used more for banking,
payments, etc.
¹Wombat Security Technologies;Juniper Trusted Mobility Index²
Enforcement Challenges
Cyber laws lack harmonization across jurisdictions
Authorities lack resources; expertise varies by country
Actors in countries with no laws, enforcement or cooperation with U.S.---lack of political will
Agents of a foreign country seek to harm U.S.
U.S. Law Enforcement resources limited
Civil actions are expensive, lengthy and complicated
Future
Organized criminal activity; crooks team up with Cyber criminals
Hactivist threats, intimidation, information and IP theft
State-sponsored Cyber warfare will impact physical world, e.g. Stuxnet, Flame
State-sponsored IP theft and espionage by China, Russia etc.
Attacks on mobile devices, apps for work, banking, commerce, emails, etc.
ConclusionCybercrime escalating beyond capacity to control it
Int’l commerce and infrastructure at mercy of criminals
Urgently need int’l Cyber cooperation framework
Public-private partnerships are essential
