
Protecting your Identity, Computer and Property


Academic year: 2021


(1)

Protecting your Identity, Computer and Property

Cyber Security and Self Defense

Part 1: There are sharks in the water!

(2)

Top Ten Famous Last Words:

1. “Identity theft will never happen to me.”

2. “The authorities will help me.”

3. “My accounts are fully protected.”

4. “I always act in a safe manner.”

5. “I’m a nobody, I’m not at risk.”

6. “I pay for an identity protection service, nothing can happen.”

7. “I check my credit every year, I’ll be able to catch problems in time.”

8. “I was already attacked, it won’t happen twice.”

9. “I have virus protection, nothing will get through.”

10. “I use a Mac, bad things only happen to Windows users.”

(3)

So what’s all the fuss?

Damage to credit rating.

Inability to get loans, mortgages, jobs.

Financial loss, emptied bank accounts, PayPal, etc.

Unexpected loans or other debts.

Arrest for crimes you did not commit.

Being hounded by debt collectors.

Loss of or damage to online accounts.

The general sense that you’ve been violated!

Huge effort to restore credit.

Fear that it will happen again.

(4)

Danger

(5)

What we’ll cover in this presentation

Important steps to protecting your computer, your data and your identity:

1. Accept the fact that you are at risk.

2. Educate yourself on the different vulnerabilities and potential damage.

3. Develop your “radar” (awareness of danger).

4. Evaluate your personal situation.

5. Take steps to protect yourself. Close ALL holes in your armor that you can control.

6. Keep abreast of new risks and attacks, respond accordingly.

(6)

We live in a digital world

Ours is a highly interconnected world. Critical aspects of our lives have become more vulnerable than ever.

Homes, Communications, Industry and Agriculture, Infrastructure, Utilities, Transportation, Medical, Government, Entertainment, Identity, Appliances, The Internet, Banks and Finance, Emergency Services

(7)

Our Cyber lives – vulnerable, open

With the right tools, everything on the internet can be viewed by anyone, anywhere.


Criminal “Hackers” exploit weaknesses – accessing private data and causing harm to people and

(8)

Many Points of attack

Attachments that trick you into running infected programs.

Inviting-looking websites or links that contain hidden agents.

Various kinds of “social engineering”, enabling unwanted intrusion.

False warnings or emergencies that cause you to let your guard down.

Offers of personal gain that lure you into danger.

Fake emails claiming to be from known companies

(9)

So, what can happen to me?

1. Theft, usually via some kind of “identity theft”

a) Stolen funds (PayPal, brokerages, banks)

b) Redirected purchases from online dealers (Amazon, eBay, others)

c) False tax returns (refunds)

d) Bogus loans in your name

2. Computer take-over (malware, viruses)

a) Email zombie/scam robot

b) Extraction of private data

c) Intentional damage to data and computer

3. Cons, scams, other mischief

a) Email scams

b) False scares

c) Hacking of social site accounts and web sites

d) Harassment

(10)

Identity Theft – The BIGGIE!

Once a criminal has your personal information they WILL attempt to use it. It’s not a matter of “if”, only “when”.

Once your personal information is “out there” there’s no putting it back.

Many victims are attacked multiple times.

The damage to your personal reputation, financial well-being and credit rating can be huge.

Companies and agencies often do very little to help you once you have a problem.

Image copyright (c) Fifth Third Bank

(11)

A particularly painful kind of identity theft...

(12)

Hackers: Who are they? What do they want?

White Hat Hackers (Intent: Ethical; Risk: Low)

Use their hacking skills for the purpose of improving security. Legal organizations and governments hire them in order to discover or solve vulnerabilities and exploits. Also called penetration testers.

Gray Hat Hackers (Intent: Curious / Mischievous; Risk: Moderate)

Use their hacking skills for legal or illegal purposes, but never for personal gain. In most cases, they exist to share information and to accomplish something specific that is known only to them.

Black Hat Hackers (Intent: Criminal; Risk: High)

Use their hacking skills for personal gain, either in monetary or non-monetary terms. Any criminal activities related to hacked networks can be attributed to black-hat hackers. They make networks unusable for others and attempt to destroy or steal data for selfish motives.

The moment a hacker gains access to a system for which they are not explicitly authorized, they have broken the law.

(13)

How can my private data be stolen?

From servers: Target, Yahoo, J.P. Morgan, Amazon, cloud services, gov’t agencies and lots more!

From your personal computing devices, physically or via malware: PCs, Macs, tablet computers, smartphones, discarded devices.

Directly from you: your wallet, ID cards, phone conversations, credit cards, stolen mail, phishing emails, your trash, and more!

(14)

How can my private data be stolen?

Unencrypted Public WIFI is easy prey to snoops

• WIFI hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure.

• If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else.

• The data stream is easy to watch; anyone within receiving range of the wireless can see exactly what you have sent and received!

(15)

Computers 101 – what you NEED to know!

The FOUR basic components that make computing possible:

Hardware: The physical electronics and mechanics.

Operating System: Software that defines the user interface and runs apps.

Applications (Apps): Software to do specific jobs, the real work.

Data: Information the apps use and operate upon.

(16)

Computers 101 – what you NEED to know!

Examples of the 4 basic components:

Hardware examples:

1. The “brain” (CPU, memory)

2. Mouse, Display, Printer

3. Networking devices

4. Storage devices, media

Operating System examples: 1. Windows 2. Mac OS 3. iOS 4. Linux 5. Android

Applications examples: 1. MS Office 2. Browser 3. Email App 4. Music player

Data examples: 1. Documents 2. Videos 3. Emails 4. Photos

(17)

What is Data?

What are Applications (apps)?

Why do I care?

In the simplest terms, Data = Noun, Application = Verb

Data can be a picture, document, spreadsheet or any other “object” that is a collection of information.

Data is generally not dangerous by itself, but there are exceptions, such as zip files that can contain infected Applications.

When you “open”, “view”, “edit”, “visit” or do any other action or “verb” on your computer, you are running an application.

Applications are frequent targets of hacking; simply executing an infected application can bring harm.

(18)

Malware

Any program whose purpose is to harm.

"Malware" is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a computer, server, or network.

There are many terms that describe Malware, both in terms of how it enters and what it does once in place:

Viruses

Worms

Trojan Horses

Blended Threats

Spyware

Scareware

Bots

(19)

Malware comes in many forms

So, what exactly IS Malware?

Programs or “executables” that infect your computer; can be VERY difficult to detect and remove. Often self-replicating.

Sometimes doesn’t do direct harm, but instead opens your computer to other attacks.

Commonly has multi-pronged attack vectors.

Often disables your protection (firewalls, virus protection) and can prevent you from running or using other programs.

Can sit dormant for indefinite periods of time.

How does it get in?

Most often, it takes a human action (or inaction) to allow it in. Frequently comes from email attachments or results from visiting an infected web site.

(20)

What are the vulnerable spots?

Infected programs that execute on your computer

OS attacks, exploiting weaknesses in existing protections

Embedded executables that use stealth to get installed.

Hardware

Operating System

Applications

(21)

Types of Malware: Viruses

Virus -- needs your invitation

Virus is a general term that covers a wide range of different cyber attacks.

Almost all viruses are executables, which means most viruses don’t infect your computer until you run or open the malicious program.

Can range in severity: may cause only mildly annoying effects or can damage your hardware, software or files.

(22)

Types of Malware: Worms

Worm -- a special kind of virus

Worms “tunnel”, looking for ways to travel to other computers or networks, do their dirty work and hide. They often use your contact list to find new victims.

Once installed, worms can spread from computer to computer without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.

The biggest danger with worms is their capability to replicate and spread quickly; they can cause your computer to send out hundreds or thousands of copies of itself, creating a huge

(23)

Types of Malware: Trojan Horse

Trojan Horse, tempting (like the legend)

The Trojan Horse at first glance appears to be useful software but will do damage once installed or run on your computer. Those receiving a Trojan Horse are usually tricked into running it because it appears to be useful software from a legitimate source.

Trojans are known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised.

Trojans are one form of “Social Engineering”, relying on

(24)

Scareware and Spyware

Scareware is Malware that is designed to frighten or alarm you, to make you think bad things are happening. Scareware is often used as a tactic to cause you to let down your guard, allowing other Malware to enter. Example: “Your computer is infected, click here NOW to download protective software...”

Spyware is Malware that steals private information. Spyware gathers information about a person or organization without their knowledge, may send that information to another entity without the consumer's consent, or asserts control over a computer without the consumer's knowledge.

(25)

Ransomware

Ransomware is malware that displays a threatening message claiming to be from a legal authority, while simultaneously locking your computer. It makes a demand for immediate payment or your data will be lost. Payment of the ransom will NOT free up your computer!

(26)

Bots

Short for “Robot”, acts like an invading army

A malware Bot is designed to automatically infect many computers and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or “Botnet.” With a Botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s).

Bots can act as Spyware to log keystrokes, gather passwords, capture and analyze web actions, gather financial information. They can also be used to launch attacks, relay spam, and open back doors.

There may be thousands or millions of PCs infected with any given

(27)

Special Risks on Smartphones and Tablets

Apps may do things you don’t want:

Track and report your location

Access your Facebook info

Access your phonebook and contact info

Watch logins, other activity

Android and iOS are both affected

“Free” apps are particularly suspect

You can choose what to install, but almost all apps ask for access to things they shouldn’t need!

There are tools to scan currently installed apps for permissions.

(28)

Other threats...

Just when you thought you’d seen them all!

Phishing – Emails or web sites that fool you into providing private information. May ask for credit card number, social security, etc.

Pharming – Similar to Phishing, but more insidious. Just by visiting a web site or opening an email, the attack installs a small program that later makes you think you are going to a secure site (eBay, banking, etc.) but instead takes you to a fake where it “harvests” your login and other personal information.

(29)

Social Engineering

A low-tech way to be taken

Social Engineers use deceit or trickery to get the victim to perform actions or divulge confidential information.

Social Engineering is like a modern-day version of the con game. It involves psychological manipulation to enable the attack.

Examples of Social Engineering:

Baiting: leaving an infected CD-ROM or USB flash drive where it will be found.

Tailgating: seeking entry to a restricted area, following a legal entrant before the door can close.

Pre-texting: pretending to be someone in authority.

Phishing, Trojan Horses, Diversion, the “10” Attack, and LOTS MORE!

(30)

Stay tuned for:
