Protecting Yourself in Our
Digital World
Jodi Ito • Information Security Officer
Information Technology Services
jodi@hawaii.edu • (808) 956-2400
From Our President
QuickTime™ and a
decompressor
are needed to see this picture.
2
Today’s Thoughts
Our Digital World Today
Threats and Vulnerabilities
Mitigation Strategies
Security Awareness
3
Today’s Environment
4
has become a verb!
Technologies and Trends
 INFORMATION AGE!
 NOW Generation
 PDAs, laptops, netbooks + (wireless
networks/cellular broadband) = Mobile Computing
 Cellphones --> Smartphones
 “Texting”, “Tweeting”, “Friending” --> Social
Networking
WHOLE NEW WORLD!
6
Sign of Things to Come…
http://www.informationweek.com/news/s
howArticle.jhtml?articleID=219100621
7
Fun, Convenience, OR….?
Toy car lets kids spy on others
http://www.networkworld.com/video/?bcpid=60965047001&bclid=1363192037&bctid=681722120
01
Using mobile devices to open hotel doors
http://www.tnooz.com/2010/03/01/mobile/hotel-door-opening-technology-moving-to-mobiledevices/
8
QuickTime™ and a
H.264 decompressor
are needed to see this picture.
9
FTC P2P data leak alarm…
 The Federal Trade Commission this week
sent letters to almost 100 organizations that
personal information, including sensitive data
about customers and employees, has been
shared from their computer networks and is
available on peer-to-peer (P2P) file-sharing
networks to any users of those networks, who
could use it to commit identity theft or fraud.
 Search for “FTC P2P data leak” using your
favorite search engine
10
More P2P Filesharing Risks…
“P2P Snoopers Know What's In Your
Wallet”
http://www.networkworld.com/news/2010/020710shmoocon-p2p-snoopers-know-whats.html
“File Sharers, Beware!”
http://www.cbsnews.com/stories/2005/05/03/eveningn
ews/main692765.shtml
11
Digital Threats
 Viruses, Spyware, Trojans & Other Malicious
Software
 Botnets
 Phishing & Spam
 Identity Theft
 Cyber Stalking, Cyber Bullying, Online
Predators
 Etc., etc., etc….
12
Form Phishing
 North Carolina State University Phishing
Attack
 “Security” email directed recipients to web site
to “protect” their accounts
 Phishers used NCSU graphics to replicate
phishing web page
 http://www.ncsu.edu/it/security/webmailphishing.html
13
Anti-Phishing Phil
http://wombatsecurity.com/antiphishingphil
14
Useful Information
Federal Trade Commission
http://www.onguardonline.gov/
Department of Homeland Security
www.staysafeonline.org
15
Tapping Your Cell Phone
 http://www.wthr.com/Global/story.asp?s=9346833
QuickTime™ and a
decompressor
are needed to see this picture.
16
Booming Cyber Crime Industry!
Botnets: Rent-a-botnet
SPAM generators (steal email accounts
and passwords)
$$$ - Stolen sensitive information
Top 3 categories:
 Bank account - £5 ($8)
 Credit cards - 50 credit cards for £20 ($35)
 Personal identities - EU identities are worth
more
17
Underground Economy
Multi-Billion $$$ industry
TJX Data Breach:
 Estimated 94 million victims
 Estimated losses: $65M - $83M
August 2008: Hacker ring charged with
conspiracy, computer intrusion, fraud, &
identity theft:
http://www.consumeraffairs.com/news04/2008/08/hacker_ring.html
18
Background Resources
“Botnet probe turns up 70G bytes of
personal, financial data” estimated worth
$8.3M
 http://www.networkworld.com/news/2009/05
0409-botnet-probe-turns-up-70g.html
UCSB Computer Science Study:
 http://www.cs.ucsb.edu/~seclab/projects/torp
ig/index.html
19
Data Breaches
Privacy Rights Clearinghouse
http://www.privacyrights.org/ar/ChronDataBreaches.ht
m#CP
Over 260 millions records containing
sensitive information are involved in
security breaches
Educational Security Incidents:
http://www.adamdodge.com/esi/
20
Example
21
This Cyber “stuff”…
Affects us all!
 Each unprotected/unpatched computer is a
threat:
 Infected worm/virus/bot
 Could be used in a concerted attack against a
critical infrastructure
 Computers, servers, mobile storage devices
with any sensitive information represent a
vulnerability
22
What Do We Do?
Practice safe computing!
23
Keep Your Computers Safe
 Update the software on your computer weekly (or
more frequently)
 Install anti-virus and anti-spyware software and keep it
up-to-date
 Use accounts and strong passwords
 Encrypt sensitive information
 http://www.hawaii.edu/askus/729
 Don’t install unknown software from unknown sites
 Don’t share your accounts/passwords
 Use password protected screen savers
24
Use STRONG Passwords
 Not easily guessable
 Do not use dictionary words
 Use a combination of upper and lowercase
letters, numbers, and special characters
 No less than 8 characters
 Check your password strength:
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
25
Password Strategies
 Replace letters with numbers or characters
 Incorporate something memorable to you
 Example:
 need password for CitiBank online account
 got your mortgage in April 2005:
 04C7t7B@nk05
 Use a phrase and turn it into a password
 Example:
 My Favorite Food is Chocolate Ice Cream
 MfFiCiC2010m@r
26
More on Passwords
 Don’t use the same password for all accounts
 Change passwords frequently
 Use more difficult passwords on more
sensitive accounts
 Use a password safe (but don’t lose the
master password!)
 http://passwordsafe.sourceforge.net/
 http://www.hawaii.edu/askus/705
27
Protect Yourself and Information
 Don’t open unknown emails & attachments
 Visit only reputable web sites
http://safeweb.norton.com/
 Do not reply to SPAM or Phishing emails
 Only login to servers for the duration needed disconnect when done
 Don’t let others use your computer irresponsibly
 Use a credit card for online shopping
 http://www.hawaii.edu/askus/729
28
DO NOT EVER…
 …Give out your personal information in
response to an UNSOLICTED email, phone
call, voice mail
 If in doubt, CHECK IT OUT!
 Call the company using another legitimate phone
number (not the one provided in the email or
phone call)
 New scams use social networking sites to get
background personal information
29
Protect Your Sensitive Information
 BE SUSPICIOUS!
You can’t take back information you’ve
already given out
 Ask “Why?” when someone asks for your SSN
 Check your credit report:
www.annualcreditreport.com
30
Social Networking
 Do not post TOO MUCH INFORMATION!
 Internet is FOREVER!
 Whatever you post may circulate even AFTER you
delete it
 New scams use social networking sites to get
background personal information
 Watch what your children do on the computer
31
TTMI…
Tweeting Too Much Information:
http://pleaserobme.com/
32
Laptops and Mobile Devices
 Implement passwords on the device
 Backup your data frequently & test backups
 Store backups away from the laptop
 Encrypt sensitive information
 Watch your laptop at all times





Keep your laptop in your possession at all times
Don’t leave it out in your hotel room
Consider using a laptop lock
Consider laptop recovery services
Don’t leave your laptop in a car
33
Wireless & Public Computers
 Be cautious when using open wireless
networks
 Others using the network maybe be “sniffing” the
network
 If you must use a public computer, change the
password on the account accessed using a
secure computer ASAP
34
Wi-Fi Dangers…
 Security Expert Claims Thieves Can Detect
Wi-Fi In Sleeping Computers
http://www.wired.com/gadgetlab/2010/03/securit
y-expert-claims-thieves-can-detect-wi-fi-insleeping-computers/#ixzz0hKGscGjt
 Hidden dangers of free public WiFi
http://news.zdnet.com/2100-1035_22149778.html
35
BE AWARE!
Know what’s out there
(Google yourself)
Questions?
Jodi Ito
jodi@hawaii.edu
(808) 956-2400