The ABC’s of

Identity TheftPart One in a multi-part series of overviews on Disaster Avoidance, Business Continuity and Disaster Recovery

Objectives

• Security Overview • Define “identity theft”

• Evaluate criminal methodologies

• Consider “protective” solutions

SOURCE: Infoweek TechWeb Webcast of 2/17/2010

Interesting information (cont)…• The most alarming sources of malware attacks come from:

• Social Networking @ 31%• Web sites @ 29%• Email @ 17%

SOURCE: Infoweek TechWeb Webcast of 2/17/2010

Interesting information (cont)…• Facebook receives 15 million requests for service PER SECOND• 49 % of companies polled allow their staff to access Facebook

SOURCE: Infoweek TechWeb Webcast of 2/17/2010

Potential Threat Vectors…

• Wireless access points

• Email accounts

• Social networks

• Web site attacks on browsers

“Vectors” of choice…

A new site to watch (or not)…• Reported in Sunday’s New York Times

CHATROULETTE

Only three months old and has grown to tens of thousands of users

During the 2nd half of 2008, 70 of the top 100 websites were found to have been

compromised or contained links to malicious sites.

A recent Oracle survey…• Security threats are poorly understood• 33% of those polled stated identity theft was a potential barrier to online purchasing• 42% were worried that personal details might be intercepted• 30% stated they didn’t trust web site security measures

Fringe sites…

The problems only occur after the user decides to click the

link!

Identity Theft

Identity theft in its simplest form is the compromise and

use of your personal data for the purpose of

committing a fraudulent act.

• It isn’t about credit card receipts

• It doesn’t always come from those unsolicited credit card company invitations

• It doesn’t happen from people looking over your shoulder at the ATM

What they want…• DOB• SSN/National ID number• Online banking information• Email address and passwords• Mailing address• Telephone number

• Access to your bank accounts

• Access to your credit card accounts

• Use of your personal data to secure credit • Use of your personal data to obtain fraudulent identification papers

Why they do it…

Criminal Methodologie

s

Cybercrime today has solid roots in Romania, Bulgaria and Russia.

Their “take” amounts to hundreds of thousands of dollars per day.

• IP Address• Email Address• Facebook

How they do it…• Overt “hacking”

• Trojans

• Key loggers

• Phishing/scam emails

Hacking• Remote access of private areas of the company server environment

Primarily access over the web 1) access into then company home page 2) access into sensitive files areas

• Unlawful or malicious removal of sensitive information

Internal/local access 1) USB drives 2) CD burners 3) Rogue wireless devices

Trojans

Potentially malicious executable files that access critical areas or files in your network or computer.

Key Loggers

Beware!

These executables have the ability to record ALL your password entries and then send them off to a specific address without you knowing it.

“Phishing” and scam emails

Emails that solicit the recipient to divulge key information in order to gain access to specific data.

How malware propagates…“botnet” is a term associated primarily with the negative aspects of malware distribution

10,000’s Message Variants

10-15 Unique Site Designs

1,000’s URLs100’s Web

Servers

One Support Website

One Pharmacy

One Merchant AccountBillions of Messages

100,000’s Zombies

The problems only occur when the user decides to click the

link!

What looks “innocent” really isn’t. Would you provide this information

to a stranger?

So, do you think this looks official and legitimate?

Protection Options

Anti-virus update…• Symantec (Norton) will leave the business

• McAfee is strengthening its position

• RSA is winning huge projects

• Sendio, Red Condor, AVG, etc…

“Security” regulations…• HIPAA - Health Information Portability and Accountability Act

• HITECH - Health Information Technology for Economic and Clinical Health Act

• PCI - Payment Card Industry

• Sarbanes-Oxley

Protection methods…• Firewall

• Resident Antivirus app

• Spyware/Malware app

• Endpoint security

• Forensics

Individual

Corporate

Firewalls…• Use them

• Whitelists and blacklists

• Monitor the common ports

Resident antivirus protection…• BOT detection• Malware detection• Hidden executable file detection

Spyware/Malware protection…• BOT detection• Malware detection• Hidden executable file detection

Endpoint security is

used to control,

secure and monitor all methods of

data transfer

Spotting malware activity…• Malware morphs

• IRC traffic increases across the common ports

• Increases in antivirus file changes

• Outbound SMTP traffic increases

• Host file modification

Using the “cloud”…

The solution can be on premise or in the “cloud”…• Premise-based solutions

• Cloud-based solutions

Your individual solution requires a “blended” approach…• Your firewall• Some sort of hardware or software “monitor”

Your corporate solution requires a “blended” approach as well…• Your firewall• Some sort of hardware or software “monitor”• Endpoint security with forensics

The problems only occur when the user decides to click the

link!

Larry PyrzSimpleTel, Inc.

www.simpletel.biz

larry@simpletel.biz

773-728-3315