Computer Security Seminar - Greater Cleveland PC Users Group


Computer Threats and Safety
Darren J. Mott
Supervisory Special Agent
Cyber Crime Squad
Federal Bureau of Investigation
Cleveland Division
General Outline
• General Security
• Current Cyber Threats
• Threats to Children
• Common Scams
• How to report a Cyber Crime
• Social Networks
• How to conduct general forensics on your computer

Darren Mott’s presentation to Greater Cleveland PC Users Group www.gcpcug.org – 01/08/11
General Security
• The operating systems on PCs (XP/Vista) are generally insecure out of the box.
• Mac users are generally safer than PC users, but as Macs gain in popularity, more exploits are showing up.
• Do not depend on the Microsoft Firewall to provide much protection.
• You should always have a third-party security program running on your system.

Myth

“I have an anti-virus program, my computer is safe.”
• AV products only protect against computer viruses. There are FAR more vulnerabilities than just viruses.
• AV products ONLY protect against less than 40% of known viruses.
• AV products don’t protect you until AFTER the virus is released.
Myth

“My computer is behind a router, I am safe.”
• While being behind a router is a good idea and your PC is better hidden, it is not an end-all protection scheme.
• Routers should be secured also.
• Wireless routers MUST be secured.
  • WPA security protocol and/or MAC address restriction
  • Be careful connecting to unsecured wireless networks. Your traffic can be monitored.
  • Unless you have to, do not broadcast the network SSID.

Myth

“I don’t run a Windows Operating System, I don’t need to worry.”
• Linux and Mac users are generally safer from infection by viruses, but not free from exploitation of known vulnerabilities.
• Most computers are Windows based, so bad guys are going to spend more time attacking that system.
Current Cyber Threats

Modern malware is passed along by a variety of methods.
• Email – attachments
• Websites
• Software (especially pirated software)
• P2P networks
Types of Malware
• Viruses
• Worms
• Wabbits
• Trojans
• Spyware
• Backdoors
• Exploits
• Rootkit
• Keyloggers
• Dialers
• URL Injectors
• Adware

Current Cyber Crime Trends
• Covert delivery of malicious code
• Use of malware to steal personal information
• Use of this information to steal & manipulate financial information
• Targeting of smaller banks, school districts, churches and CFOs
• Organized groups arising to coordinate attacks
• Use of wireless networks to steal data
• Insider crime continues to be a problem
• Terrorism
• Espionage

General Protection TIPS
• NEVER open an attachment from someone you don’t know. If you get an attachment from someone you do know but there is no text indicating what it is, be suspicious.
• Use security software to restrict sites.
• Make your kids aware that they AREN’T really getting free stuff from emails.

Common Scams
• Nigerian Email
• Work at home
• Western Union money transfer professional
• Phishing/Vishing
• Auction Fraud
• Lotteries
• Reshipping
• More details at www.ic3.gov

Online Transactions
• If used on well-known sites it is generally a safe transaction. Look for the lock in the lower right corner of the browser or, in the address bar, an “https”. This creates a secure encrypted connection between you and the vendor.
• Most theft occurs on the companies’ backend, not during the transaction itself.

How to report a crime
• Depending on the type of crime experienced, you should contact local police, the FBI and at the very least www.ic3.gov.
• Unless you work for a company that is the victim of a computer intrusion, you will be unlikely to find resolution in the Federal System. Civil remedies are generally more effective.

How do I know if my computer is compromised
• Depending on the malware, you may not know.
• Is your computer really sluggish or slow? Then maybe.
• Educate yourself on self-diagnosis. Google is your friend.
• External data storage.
• Re-install OS periodically.

Your Kids & Computer Accounts
• Give them their own login and do NOT make it an administrator account. This will restrict them from installing programs.
• You can use third-party applications to restrict sites (Cybersitter, Safe Eyes, Internet, Net Nanny etc.) but don’t expect everything to be filtered.
• Not 100% protection, but better than nothing.

Threats to Children
• Highly targeted by pedophiles online, especially because of the explosion of social networks (MySpace, Facebook etc…)
• Check your computer for IRC, AIM, YAHOO messenger, ICQ or any other IM programs. These are gateway programs for problems (watch a single episode of NBC’s To Catch a Predator for proof).
• Social Networks (Risks to everyone)
• Keep your computer in a common area.
• Tell your kids you are logging all their activity – even if you aren’t (Google – “keyloggers for parents”)

Social Networks

Massive adoption in the consumer market
• MySpace, Facebook, LinkedIn, Friendster, Twitter
• Statistics on Facebook
  • Over 500,000,000 users (fall 2010)
  • Over 250,000 new registrations per day
  • Over 200,000 developers have submitted some sort of Facebook application using basic programming skills and there are over 350,000 official apps

Social Networking & Crime
• Authorities say the web is largely to blame for a 16 percent increase in rapes this year.
• “In the past, rapists would have to hunt and stalk…now all you have to do is get on the internet and she’s waiting for you in a hotel room”.

Sgt. Darrell Price, Charlotte-Mecklenburg PD, Sexual Assault Unit as quoted in “American Police Beat”, September 2009.
Ideal Exploitation Platform

Social networks have intrinsic properties that make them ideal to be exploited by an adversary:
• Difficult to police: very large and distributed user base
• Trust network: clusters of users sharing the same social interests developing trust with each other
• Platform openness for developing applications that are attractive to the general users who will install them
Too Much Info

The SN value proposition is information sharing
• “Linked In” - defaults for outsider access are not bad
• “Facebook” - defaults very open
• “Twitter” - no expectation of privacy anyway

Try this: go to your Facebook account and search for:
• <any company name in your city or area> and “Software” or “Technology”
• From the list of results click until you find one that has all their profile information visible... there are usually many!
• Can lead to guessed passwords or recovery questions
As an example

It took seriously 45 mins on wikipedia & google to find the info,
Birthday? 15 seconds on wikipedia, zip code? well she had always
been from wasilla, & it only has 2 zip codes (thanks online postal
service!) the second was somewhat harder, the question was “where
did you meet your spouse?”
WAY Too Much Information
(or compromised account)
General Forensics
• Run>>cmd
• Netstat
• Samspade.org
• Maxmind.com
• Domaintools.com
• Dnsstuff.com
• Grc.com – Shields up
• If you are not comfortable with these steps, find a computer-savvy friend.
Vigilance is the key.
Computer Security Issues Mailing List
• I keep a personal mailing list to which I send out security issues from time to time (latest scams, new viruses, etc.).
• If you want me to add you, send an email to [email protected].
• If you think of a question I did not answer here, feel free to contact me.

Thank you
SSA Darren J. Mott
216-622-6916
[email protected]