Transcript Safety and Security 2006
SLAC Computer Security
Annual Safety and Security Briefing 2006
Presenters
Teresa Downey: Spear Phishing & Web Security Markers
Heather Larrieu: Everything Else…
Spear Phishing
No dangerous pointy objects involved… but they ARE hunting YOU!
Spear Phishing – Step by Step
1. A targeted company is researched by scammer
2. Emails and websites forged – easy to do!!
3. HTML emails sent
4. They need you to click on the fake URL
5. There goes your $$$
You cannot see the true URL in an HTML email
Plain Text Can Prevent Scam
Scammers don’t want us to use plain text
True URL is normally displayed in a plain text email
Spear Phishing – Last Step
Security markers are missing… where is https?
Where is the lock in the border?
Not a SLAC website!
Just a useless picture of a lock to trick you
Faking web sites is very easy!
Secure Website Markers
(screenshots: Internet Explorer, Firefox)
What’s Behind That Lock?
Scammer can just create or buy a certificate
Look at the URL closely, these are invalid:
http://www.slac.standford.edu
http://0x47763ae7/www.slac.stanford.edu
Might get error:
Avoiding Phishing Scams
1. Read ALL e-mail in plain text. Convert to HTML with one click if you trust the e-mail
2. Look for a valid URL in the e-mail and browser. Does it match where you intended to be?
3. Look for security markers in the browser window
4. Stop if you get any Security Alerts
5. Do they REALLY need this information??
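As an added example (not part of the briefing), a small Python check that applies step 2 to a link before it is clicked: it decodes obfuscated numeric hosts such as the 0x47763ae7 form shown earlier and flags hosts that are not under the expected domain. The trusted-domain list is an assumption made for this example.

```python
from urllib.parse import urlsplit, unquote

# Domains the user actually intends to visit (assumption for this example;
# slac.stanford.edu is the SLAC domain named in the briefing).
TRUSTED_DOMAINS = ("slac.stanford.edu",)


def numeric_host_to_dotted(host):
    """Turn an obfuscated numeric host (hex such as 0x47763ae7, or a plain
    decimal integer) into dotted-quad form; return None if it is not numeric."""
    try:
        if host.lower().startswith("0x"):
            value = int(host, 16)
        elif host.isdigit():
            value = int(host, 10)
        else:
            return None
    except ValueError:
        return None
    if not 0 <= value <= 0xFFFFFFFF:
        return None
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of reasons a link looks suspicious (empty list = looks OK)."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        reasons.append("no https: the browser will show no lock")
    if parts.username is not None:
        # "http://trusted.name@real.host/" shows the trusted name but goes to real.host
        reasons.append("user@ prefix hides the real host")
    dotted = numeric_host_to_dotted(host)
    if dotted is not None:
        reasons.append("numeric host %s is really %s, not a named site" % (host, dotted))
    elif not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append("host %r is not under a trusted domain" % host)
    # A trusted name that appears only in the path is a decoy, not the destination
    path = unquote(parts.path).lower()
    if any(d in path for d in trusted) and not any(host.endswith(d) for d in trusted):
        reasons.append("trusted name appears in the path, not the host")
    return reasons
```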
Regarding SLAC Websites…
SLAC HR wouldn’t ask for bank info via a web page
If you are suspicious of a web site, call the SLAC department directly
Everything else…
Well, okay, at least… scammers’ motivations, PII, wireless, perils of ordering pizza
Making Money - Method 1
Sell Something
Adware and Spyware
Tracking cookies
Spam, usually touting counterfeit goods
Adblock
Firefox: Tools -> Adblock -> Preferences
IE: Nothing built in. “Adblock” for IE is actually adware, so don’t go get it.
Browser Configuration
IE: Tools -> Internet Options
Firefox: Tools -> Options
Javascript for Profiling
Making Money - Method 2
Scams, Fraud, Identity Theft
Nigerian 419 scams
Click-through fraud
Steal some Personally Identifiable Information
Personally Identifiable Information
PII is essentially data that can be used to facilitate identity theft
What are people doing with stolen PII?
Credit card, bank, loan fraud
Phone or utilities fraud
Applying for government documents or benefits
Magazine subscriptions (~0.2% each year!)
Scope of the problem – FTC data (2003-2005)
10 million victims of identity theft in the U.S.
Victims spend an average of $1,500 and 175 hours to recover
Not including losses by vendors, merchants, or financial institutions
Making Money - Method 3
Be the “Middleman”
(from Wikipedia on Botnets)
Botnets
1. Herder deploys malware
2. Infected PCs log into an IRC server or other communications medium, forming a network with a central C&C structure
3. Spammer purchases access to the botnet
4. Spammer sends instructions to the botnet
5. The infected PCs send the spam messages
Wireless
Captured from the air: a checkout request sent over plain http (not https), with the site name masked:
POST http://www.XXXXXXXXXXXX.com:80/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1 HTTP/1.1
Host: www.XXXXXXXXXXXXcom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.XXXXXXXXXXX.com/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1
Cookie: ASPSESSIONIDSCQDDCRC=IIBBDKKBCAOBKBIGABPBHNAI; ASPSESSIONIDCSDTABCC=KCGNNPKBABOIEJKIPBHEJHAH; ASPSESSIONIDSCTDADRC=OAOJABLBFFJKLGIDHPLLMDGM
Content-Type: application/x-www-form-urlencoded
Content-length: 268

LName= AAAAAAA &FName= AAAAAAA &TelePhone= 888888888 &ModeOfPayment=2&Rem= IS+THIS+SECURE %3F+&CreditCardType=3&CreditCardNo= 123456781234567 & ExpiryMonth= 6 &ExpiryYear= 2009 &VisitorID=1&CatID=01&CatName=XXXXXXX+XXXXX+XX+XXX+XXXX&hLName=&hFName=&hTelephone=&hCreditCardNo=&hRem=
Final Thoughts
Report all suspicious activity
Send email to: [email protected]
Urgent: call the HelpDesk at x4357
See Teresa, Heather, Bob Cowles, Gary Buhrmaster, John Halperin and Steffen Luitz at the Computer Security table in the breezeway for your questions