BIT 4624 Midterm Review
Weibo breach
(538 million) In March, news broke that the personal details of more than 538 million users of Chinese social network Weibo were available for sale online. A hacker then claimed to have breached Weibo in mid-2019 and obtained a database that allegedly contained the details of 538 million users, and was selling the data for $250 on the dark web. No passwords or payment information were included, but the records contained PII such as real names, site usernames, gender and location, as well as phone numbers for 172 million users.
Cam4 Breach
(8.3 billion records) Anurag Sen, at Safety Detectives, discovered a significant data leak belonging to adult live-streaming website CAM4.com. The website is owned by Irish company Granity Entertainment. The database, according to the research team, exceeded 7 terabytes with production logs dating from March 16, 2020 and increasing daily, containing 10.88 billion records with PII (First and Last Name, email address, password/usernames, user conversations and emails, sexual preference, payments, etc.)
Whisper Breach
(900 million records) A "secret-sharing" app, Whisper, which called itself the "safest place on the Internet," exposed PII, including intimate confessions, ages, locations and other details, and allowed anyone to access all of the information tied to anonymous "whispers" posted to the app. The exposed records did not include real names but did include a user's stated age, ethnicity, gender, hometown, nickname and any membership in groups, many of which are devoted to sexual confessions and discussion of sexual orientation and desires.
Blue Kai Breach
(billions) In June 2020, security researcher Anurag Sen found an unsecured BlueKai database accessible on the open Internet. The database held billions of records containing names, home addresses, email addresses, and web browsing activity like purchases and newsletter unsubscribes.
1970s
- Early data protection law o The first sets of regulation were in the _________ and concerned governmental regulation § Secret databases that governments were using to make decisions
Sony Attack Summary
- Hacked by #GOP ---> The North Korean government wasn't really involved ---> The movie The Interview was a potential reason for the hack ---> No evidence directly implicates the North Korean government ---> A North Korean programmer was charged in the Sony hack and the WannaCry attack
r; w; x
- Permissions - ability to: o ___ - read o ___ - write o ___ - execute o Example: g-rx = remove the group's ability to read or execute a file
Silk Road; .com
- Ross Ulbricht o Founder of ___________ o He was a normal middle-class American who took a sharp left turn and decided to create the Silk Road marketplace o Was one of the most successful ____________ entrepreneurs § He took huge commissions because the goods sold on Silk Road were illegal o He paid for hits on competitors o He was caught at a public library, because he always used public Wi-Fi o Got wealthy o Illegal products require good markets to survive ---§ The site needed to provide a safe place for people to buy and sell
Some places thrive from hackers
- There are cities that survive off hacking services, like "Hackerville", Romania o No extradition laws - safe havens
Neiman Marcus Breach
1.1 million cards, later revised to 350,000; 9,200 are known to have been used fraudulently
Michael's Breach
3 million customer debit and credit cards compromised by "highly advanced malware"
U; O; G
3 types of users o ___ - user o ___ - all other users o ___ - group
Home Depot
56 million card records were hacked in this attack that is said to revolve around malware that was installed on cash register systems
U - user; O - all other users; G - group; "-" - remove permissions; "+" - add permissions; R - read; W - write; X - execute
An example midterm question would be a permission string for user, group, and all other users: who has what permissions, or what a given command means.
employees; phishing; organizational
Analytics for Human/Managerial Problems • Detect suspicious behavior from _________________ and "customers" • Detect ________________ attacks and who might be susceptible to them • Understand the predictors of breach for ________________ units.
network; exfiltration; compromised
Analytics for Technical Problems • Anomalous detection of ___________ attacks • Detecting data __________ by attackers • Identifying ________________ accounts
British Airways breach
Approximately 380,000 travelers who purchased plane tickets on the British Airways website and mobile app were robbed of their personal data in August, including their full credit card information.
$40; College students
Being a Target: • US identity theft costs are believed to be over _______ billion/year. • Victims average $2,000 - $15,000 in costs. • ________________ ____________ are increasingly popular targets for identity theft: more credit cards, and less experience with them.
Anonymous
Between December 2010 and June 2011, _______________ and related groups attacked websites including Visa, Mastercard, PayPal, HBGary, Fox, Sony Pictures, PBS, Bethesda Software, and international governments. Targets included email, Twitter accounts, credit cards, personal data, and confidential business data.
big business; organized; profit
Big Business: Hacking and Identity Theft • Hacking, malware, and identity theft are becoming __________ ______________. • The model has shifted from individual entrepreneurs to _____________ crime • Direct _________ motive: Malware is no longer used for bragging rights, or to attack other crackers or hackers - it is used for profit
Anonymous
By the numbers: _____________ was quite active in the information theft space • Confidential data on 70,000 potential X-Factor contestants • Personal data for 100,000 Sony website users • Personal data for 200,000 Bethesda software site users • $700,000 in false credit card charges • Personal data for 860,000 Stratfor subscribers or clients • DoS attacks against Visa, Mastercard, and PayPal for refusal to process charges in support of WikiLeaks • DoS attacks against foreign government computer systems
Chase Breach
Chase's website was inaccessible to regular customers for about a day in March because of a cyber attack.
Goals of an information security professional
Confidentiality Integrity Availability
Ethical; corporate
Ethics: Who • _________ codes are frequently attached to certifications or professional organizations ---> • SANS GIAC ---> • ISC2 ---> • ISACA ---> • ISSA • Ethics statements are also part of many _______________ handbooks
educational
FERPA • Right to access ____________ records • Right to seek amendment • Right to have some control over disclosure • Prohibits the release of personally identifiable information from a student's educational record without consent • Some reasonable rights for schools • Directory opt-out comes from this
cutoff
FERPA penalties o One real penalty: a _________ of Federal funding to an institution o VT needs to comply with FERPA or else it will lose all funding
Anonymous; Anonymous
HBGary was hired to find out the identities of people in _____________ - _____________ responded by exposing the identities and educational backgrounds of HBGary employees
HIPAA Overview
HIPAA o Covers Protected Health Information (PHI), which includes individually identifiable health information. o Defines and limits the circumstances in which an individual's health information may be used or disclosed. o Things that you may want protected: disability - learning disability (ADHD), epilepsy - you may not want an employer to know this information o You may not want your information released to family members o Health insurance companies - they would charge you a higher premium o A potential romantic partner o Generic personal information o Mental health info, medications, suicide attempts, substance abuse, physical abuse - things you don't want people to know o HIPAA is designed to provide protections around health information
providers
HIPAA: Who is covered § Health care clearinghouses § Health plans § Health care _________ conducting standard electronic transactions
difficult
Hacker Motives: Motives of hackers are extremely ____________ to predict and rationalize; hackers are a curious set of people
GDPR
Headline: ___________: 160,000 data breaches reported already, so expect the big fines to follow.
one server; password
How they pulled off the Sony attack: - The GOP initially hacked into ________________ that was not well protected, and escalated the attack to gain access to the rest of the network ---> Defense in Depth strategy lacking - The password "_______________" was used in three certificates that were published by GOP ---> The certs were subsequently used to digitally sign malware.
US
If you are not a US citizen, you have no protection from the ___________ in terms of being spied on by the US government
Hacktivism
Refers to the idea that you can use hacking as some form of social protest, and use hacking for good
Kim Schmitz
Sentences Appropriate?: o _____________ ____________ - shared music on the internet - 50 years ---§ Kim was making tens of millions of dollars by pirating other people's content o Killer, rapist - 20 years
great
Sentences: o These hacking activities aren't typically violent § They can result in _________ harm though · Financial · Infrastructure · Everything today relies more on tech and has more potential to be dangerous
15
Smiling Hacker - Hamza Bendelladj - _______ Years in Jail
gray
Is Hacktivism Good/Bad? o Hacktivism is very subjective - what one person does to 'help' or for a 'good' reason is subjective; if one person alone decides what is wrong, they can cause more harm than good § A lot of _________ area
deleting algorithm
Sony Attack continued: • To make sure nothing could be recovered, the attackers added a special _______________ _________ that overwrote the data seven different ways. • Also, boot sectors were corrupted for good measure.
Sony Attack
Sony cancelled The Interview premiere amid terror threats
$1
Sony suffered a _____ billion loss after the breach
ISPs; ISPs
Stored Communications Act • Addresses "stored wire and electronic communications and transactional records" held by _______ as part of the ECPA. • Defines "electronic communications services" and "remote computing services" • In general prohibits ____________ from releasing the contents of communications they carry or store. They can, however, share non-content information: logs, email addresses.
intelligence; Encrypts
TED Talk Jamie Bartlett o TOR browser § Originally was a US ______ project § _____________ your IP address § Addresses end in .onion § The 30,000 sites on this network are hard to shut down § Whistleblower sites, commercial hacking services, drug services
Wiretap; Low; employer
The ECPA • Electronic Communications Privacy Act • Extended restrictions on wiretaps to include electronic data • Updated the __________ Act • _________ bar for access to records: government agencies simply need to claim it's relevant to foreign counterintelligence to skip judicial review • Doesn't do much about ____________ monitoring of employees.
Restricts; Systems of Record
The Privacy Act • ___________ the ability of the federal government to collect, store, and disseminate data. • Requires a ___________________ Notice (SORN) --> • Outlines collection purpose and minimization --> • Right to Access and Correction --> • Limits on sharing collections of personal information
Equifax Breach
The credit monitoring firm Equifax disclosed a massive breach at the beginning of September, which exposed personal information for 145.5 million people. The data included birth dates, addresses, some driver's license numbers, about 209,000 credit card numbers, and Social Security numbers—meaning that almost half the US population potentially had their crucial secret identifier exposed.
Colonial pipeline Breach
The fuel pipeline operator was struck by ransomware, courtesy of DarkSide, leading to fuel delivery disruption and panic buying across the United States. The company paid a ransom, but the damage was already done.
Ashley Madison breach
The high-profile hack left the personal data of more than 37 million users vulnerable and prompted class action lawsuits against the site's parent company Avid Life Media and Avid Dating Life, which owned and operated Ashley Madison.
heists
There is great value in data _________ like stealing credit cards
hospitals; outdated; NSA; internet; url
WannaCry Attacks · Affected ____________ in the UK initially but then expanded around the world · It spread using a vulnerability in __________ software · The ______ lost a set of zero-day vulnerabilities, which made the attack spread very quickly · People were actually concerned about whether or not the ______________ would hold up · WannaCry had a kill switch that was a _____; once it was registered it would stop the malware - Marcus Hutchins stopped the attack by registering the kill-switch URL
data; communications; Cross; broad
Why are Ethics Standards important? • Security professionals: ---> • Have access to highly sensitive _________ and systems ---> • Can see ________________ sent by individuals at all levels ---> • __________ organizational boundaries ---> • Have ___________ responsibilities to protect confidentiality, integrity, and availability
Microsoft exchange breach
Widespread compromise of Microsoft Exchange servers caused by a set of zero-day vulnerabilities known collectively as ProxyLogon. The Redmond giant became aware of the flaws in January and released emergency patches in March; however, the Hafnium state-sponsored threat group was joined by others for months after in attacks against unpatched systems. Tens of thousands of organizations are believed to have been compromised.
interception; enforcement
Wiretap Act • Formally U.S.C. §§ 2510-2522, it was first passed in 1968 as Title III of the Omnibus Crime Control and Safe Streets Act --> • Defines wire and electronic communications --> • Prohibits unauthorized ______________ and access to stored data, but allows service providers exceptions --> • Codifies law ______________ access --> • Prohibits malicious destruction of equipment
Yahoo Breach
Yahoo disclosed in September 2016 that it suffered a data breach in late 2014 impacting 500 million accounts. Then in December 2016 the company said that a billion of its users had data compromised in a separate August 2013 breach.
FERPA
__________ o One of the weird places where people study information o Called information schools § They focus on schools and libraries § People were becoming afraid of checking out certain books on certain subjects for fear of being labeled by the government - extend this to education § We can take classes on certain issues that are polarizing and could be seen negatively o As students we should be able to study different ideas and get exposure to difficult subjects - an employer may have a differing point of view or question a class you took on communism
(ISC)2
____________ - Code of Ethics Preamble - Code of Ethics Canons
SANS: GIAC
__________________ - Respect for the Public - Respect for the Certification - Respect for my Employer - Respect for Myself
The silk road; black
__________________ o One of the first very successful __________ markets on the deep web § Sold: · Hitmen · Drugs · Services o Everything is on the dark web - drugs, weapons, services
Privacy Paradox; phished
________________________: A study conducted in England found that 45% of women gave their passwords, while 10% of men did the same, when offered a candy bar in exchange. - Women are at higher risk of being ____________ than men
Annual; Authenticate
Key Elements of FERPA • ________ notice • Maintain a record of disclosures ---> • All those who requested access to a student's records, or those made in emergencies, but not those done as part of the institution's direct work, with consent, or in a directory • ____________ requestors ---> • "reasonable methods"
permitted; exceptions
Key elements of HIPAA • Outlines _________ uses and disclosures • Defines who is covered • Has ___________ for public interest and benefit activities • Provides notification requirements
LivingSocial Breach
LivingSocial notified 50 million users in April that a hacking attack had compromised customer names, email addresses, birth dates and encrypted passwords.
Jimmy John's Breach
Credit and debit card information collected at 216 locations across the nation was breached
PF Chang's Breach
Customer credit and debit card information was compromised at 33 restaurants (the breach went on for a year)
fringe; popups
o The dark net is one of the most exciting places on the web § It takes place in ____________ locations, and in wealthy people's homes § There are no _____________ or advertisements
Examples of how Silk Road functioned well
o Every product on Silk Road § Had a high-resolution image § Had a "report this item" button § You paid with cryptocurrency § You entered your address § Things you bought almost always arrived - because of user reviews · A seller sells under the same pseudonym, so buyers trust sellers based on the user feedback from the site § Sellers offered free shipping, BOGO deals, good shipping times, responsiveness, and anonymous transactions § A seller example · 'Drugs Heaven' - showed how kind people were
corporations
o Shift to corporations: laws to regulate ____________ as they gained further access to computers and computing power o Contextual regulation - data flows throughout the economy - Previously, companies could not get computing devices
bad ethics
o The employee was logging into the office and paying someone overseas to do the work for him, while he essentially did nothing. ---> He gave up a fraction of his pay to someone overseas § There is evidence that this guy did this at multiple companies o This wasn't a technical breach but a breach that occurred from _______________
Security Analytics
The process of using data collection, aggregation, and analysis tools for the management of security risks.
whatever; spending
· Why were magnetic stripe credit cards less safe? o You could encode _________ you wanted on a magnetic stripe o You would buy the info for credit cards o Encode their info o Use their _________ limit
harsh; massive
• By and large, the law does not regularly consider motive in these crimes and often penalties are _________ • Part of the reason is that a cyber attack can be at a ____________ scale with a single click of a button ---> • Damage can be significant
More damage from the Sony attack
• Emails from Sony executives make racist comments about President Obama ---> • E.g. favorite movies are Django Unchained, Twelve Years a Slave, etc. ---> • "Ride-along. I bet he likes Kevin Hart." • Complaints about their stars and actors • Sony celebrity pseudonyms revealed --> • Jessica Alba - Cash Money --> • Natalie Portman - Laura Brown --> • Mr. Perry
diverse; limit
• Hackers have ____________ motives, some of which are more noble than others. • Motive might matter if you want to understand how to best _________ your attack probability --> • E.g. does being "more ethical" lower your probability of breach?
Facebook Breach
A data dump of information belonging to over 550 million Facebook users was published online. Facebook IDs, names, dates of birth, genders, locations, and relationship statuses were included in the logs, which Facebook (now known as Meta) said were collected via scraping in 2019.
Goodwill Breach
Credit card information at approximately 330 stores compromised (some 868,000 credit cards)
vary
Criminal Sentences: - Monsegur sentenced to 124 years - Hammond sentenced to multiple 10 year counts - Ackroyd, Davis, Martyn all charged for multiple counts of ten years - O'Cearrbhail - five years in prison ---> Hacking sentences can _______ greatly
MyFitnessPal Breach
Cyber criminals hit the jackpot when they gained access to over 150 million usernames, emails and passwords in February of 2018
Proprietary Content
Damage - _______________________ • Movies released ---> • Fury (1 million downloads one day after release) ---> • Annie (200,000) • Still Alice (100,000) ---> • Mr. Turner (65,000) • Spider-Man crossover with Captain America, Idris Elba to play the new Bond, and Will Ferrell as Donald Sterling
half
Damage of the Sony Attack: "Before Sony's IT staff could pull the plug, the hackers' malware had leaped from machine to machine throughout the lot and across continents, wiping out __________ of Sony's global network. It erased everything stored on 3,262 of the company's 6,797 personal computers and 837 of its 1,555 servers."
100 Terabytes; most financially
Damage of the Sony attack: • _____________ of data lost including: --> • Information on Sony employees (SSN, emails, addresses, passwords, usernames, etc.) --> • Emails and other sensitive communications --> • Proprietary content and information - Financial ramifications difficult to quantify currently but one of the ________________ disastrous in recent history
Target Breach
Data on 110 million customers may have been compromised during two cyber-attacks. In December, Target admitted that credit card details from 70 million customers were at risk. Cost Target a cool $148 million, and the CEO was fired.
Goals of a Hacker
Disclosure Alteration Denial
o Went rogue, created many costs, and exposed a lot of things
Edward Snowden
Pharmacies; Genetic
Entities not covered by HIPAA § ___________ § Places that collect __________ information
Verizon; connection; daily; Token
Importance of Ethics: • In 2012, a US-based company approached the ___________ security team to help with log review for their VPN remote access system. • Logs showed an open and active _____________ from Shenyang, China. • Review of logs showed that the connection was used __________. o They were concerned because their VPN required a ____________ to log in - so the bad guy must have had a way in o They checked, and the valid token that belonged to a developer who worked there was being used § Two-factor authentication was required on a physical token - not a phone o The developer who owned the token was in the office o The employee was logging into the office and paying someone overseas to do the work for him, while he essentially did nothing. § There is evidence that this guy did this at multiple companies o This wasn't a technical breach but a breach that occurred from bad ethics
Capital One Breach
In 2019, the hacker knowingly exposed an insider breach at Capital One, sharing her methods with colleagues over Slack, posting information to GitHub, and bragging on social media. More specifically, the insider was a former software engineer at Amazon Web Services (AWS). She was able to take advantage of a misconfigured web application in Capital One resources hosted in AWS. In turn, the insider managed to steal over 100 million customer records, including account and credit card application information. Capital One estimated the cost of damages at around $150 million.
Marriott Breach
In November, Starwood Hotels confirmed that up to 500 million hotel guests' information had been stolen in a data breach. The data breach was detected on September 10th, but could date back to 2014. Cyber thieves didn't just steal the usual information - names, addresses and credit card information. They also took passport numbers, travel locations and arrival and departure dates. Since they had travel information, it leads authorities to believe that the culprits were nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. It is believed that China could be behind the data breach.
My Heritage Breach
In one of the largest and most frightening breaches of the year, hackers stole over 92 million sensitive records from the DNA ancestry company MyHeritage
Laden (Is an attack happening now? Which vulnerability should I address next?)
Security contexts are ________ with technical and managerial uncertainty
big
Security contexts are inundated with data and data has been "_____" for a long time.
Mobile security
Next frontier of security concerns: __________________
Overwhelm (there is room to improve prediction and reduce alert fatigue)
Security tools ________________ users with notices and false alarms
No one cares about security until something bad happens
Resources are usually very limited and security
FireEye Breach
Russian intelligence compromised systems belonging to SolarWinds, which exposed data from high-profile private companies (e.g. FireEye) and government agencies (Homeland Security and Treasury). It's believed that 18,000 of its clients were compromised.
Schnucks Breach
Schnucks said in March that 2.4 million customers had their credit card numbers compromised during a four-month breach
Scribd
Scribd announced in April that about 100,000 users had their email addresses and passwords hacked.
organization; Visualization; Regression
Tools of Analytics: • Data aggregation, cleaning, _______________ • Data ____________ and Summary Analysis • Statistical Modeling: _______________ analysis, Logit, anomaly detection, Deep Learning
location; Encrypts
Use a VPN on the dark web § Hides your ____________ § ____________ your traffic