Post on 16-Dec-2015

Top IT Threats Facing UH

Jodi Ito

Information Security Officer

VP IT & CIO Office

Information Technology Services

jodi@hawaii.edu


FBI Honolulu Contact

Special Agent Jimmy Chen
Ph: (808) 566-4294
jimmy.chen@ic.fbi.gov

Report:

Suspected child pornography
Intrusions/hacking attacks on systems with sensitive information (not just sensitive personal information, but also intellectual property)

Child Pornography

On a computer that DID NOT HAVE ANY PASSWORD!

No accountability
Could be installed by anyone
Everyone could be a suspect

Top Security Issues at UH

Copyright Violations (DMCA violations)
Protecting Sensitive Info & UH Data
Breaches
Protecting Users, Computers & Networks

WE (people) are the weakest link!

What ITS is seeing…

Phishing
Compromised accounts
Increase in reports of bot-infected computers
Increase in DMCA notices
Increase in breaches

Targeted Attacks

Subjects of phishing attacks are specifically selected, such as senior administrators & management
Uses social engineering techniques

Very convincing messages and images. Example from North Carolina State University:

http://www.ncsu.edu/it/security/webmail-phishing.html

Targeting CFOs


http://krebsonsecurity.com/2010/09/cyber-thieves-steal-nearly-1000000-from-university-of-virginia-college/

Compromised UH Usernames

Used to send spam & phishes
87 compromised this year (<20 before July)
Most often, victims responded to phishing emails
Account used almost immediately to send spam

Increase in Bot Traffic

ITS receiving more reports of “bot” infected machines on the UH network

Most are Torpig & Mebroot

Torpig:
uses fast-flux DNS so the hostnames and the addresses behind its C&C and malware-infected sites change constantly
uses Java and the Twitter API to generate & register new hostnames
is designed to harvest sensitive information such as credit card & bank account information
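The flux behaviour described above is something a campus DNS log can be checked for. The following is an added example, not code from this deck or from ITS, and not a Torpig/Mebroot signature: it groups passive-DNS style observations by hostname and flags names that keep resolving to new addresses in new networks with short TTLs. The records, the placeholder hostnames and the thresholds are constructed assumptions.

```python
"""Fast-flux candidate detection over passive-DNS style observations.

Added example; not code from the UH deck or from ITS, and not a
Torpig/Mebroot signature. Records, hostnames and thresholds below are
constructed assumptions chosen to illustrate the pattern: one hostname
answered with many different IPs, scattered across many networks, each
with a short TTL.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Answer(NamedTuple):
    ts: int      # epoch seconds when the A record was observed
    name: str    # queried hostname
    ip: str      # IPv4 address returned
    ttl: int     # TTL (seconds) advertised in the answer


def slash16(ip: str) -> str:
    """Coarse network key (first two octets): 'how spread out are these IPs'."""
    a, b, _, _ = ip.split(".")
    return f"{a}.{b}"


def score_fast_flux(answers: Iterable[Answer], *, min_ips: int = 8,
                    min_nets: int = 4, max_ttl: int = 300) -> Dict[str, dict]:
    """Group answers by name and flag names whose history looks fast-flux-like.

    A name is flagged when it resolved to at least min_ips distinct addresses,
    spread over at least min_nets /16s, with an average TTL of max_ttl or less.
    Returns {name: summary} for flagged names only.
    """
    by_name: Dict[str, List[Answer]] = defaultdict(list)
    for a in answers:
        by_name[a.name].append(a)

    flagged: Dict[str, dict] = {}
    for name, recs in by_name.items():
        ips = {r.ip for r in recs}
        nets = {slash16(r.ip) for r in recs}
        avg_ttl = sum(r.ttl for r in recs) / len(recs)
        if len(ips) >= min_ips and len(nets) >= min_nets and avg_ttl <= max_ttl:
            flagged[name] = {
                "distinct_ips": len(ips),
                "distinct_slash16": len(nets),
                "avg_ttl": avg_ttl,
                "window_s": max(r.ts for r in recs) - min(r.ts for r in recs),
            }
    return flagged


def constructed_records() -> List[Answer]:
    """Constructed observations (not real UH data). Addresses come from
    documentation/benchmark ranges; hostnames are placeholders."""
    recs: List[Answer] = []
    t0 = 1_286_000_000
    # Flux-like: a new address in a new /16 every five minutes, TTL 180 s.
    for i in range(12):
        recs.append(Answer(t0 + i * 300, "update-check.example",
                           f"198.{18 + i}.{i}.{40 + i}", 180))
    # CDN-like: several addresses with a short TTL, but all inside two networks.
    for i in range(6):
        ip = f"192.0.2.{10 + i}" if i % 2 == 0 else f"198.51.100.{10 + i}"
        recs.append(Answer(t0 + i * 600, "cdn.example", ip, 60))
    # Ordinary: one stable address with a long TTL.
    recs.append(Answer(t0, "www.example", "192.0.2.80", 3600))
    return recs


if __name__ == "__main__":
    for name, summary in score_fast_flux(constructed_records()).items():
        print(name, summary)
```

With the default thresholds only the placeholder `update-check.example` is flagged; loosening them to `min_ips=6, min_nets=2` also catches the CDN-like name, which is the usual false-positive source for this heuristic. Treat a hit as a lead to corroborate (domain age, who else on campus resolves it, whether the answers also change names as Torpig's domain generation does), not as a verdict.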

Copyright Violations

HEOA 2008 - All universities must have:

An annual disclosure to students describing copyright law and campus policies related to violating copyright law.

A plan to “effectively combat the unauthorized distribution of copyrighted materials” by users of its network, including "the use of one or more technology-based deterrents".

A plan to "offer alternatives to illegal downloading".

Annual Disclosure


HEOA Compliance

Compliance required by July 1, 2010. Failure to do so: lose all federal financial aid!

UH Statistics: 2007-2010

As of 9/2010

[Chart: DMCA Notices per Month, Jan-Dec, one series each for 2007, 2008, 2009 and 2010; the monthly counts are given in the DMCA Statistics table that follows.]

DMCA Statistics

As of 9/2010

Month   2007   2008   2009   2010
Jan       13     24     21    105
Feb       13     35     35     90
Mar        6     18     46     77
Apr        0     39    127    133
May        0     30     39     72
Jun       14     22     25     53
Jul        5     16     36     76
Aug       15     16     71    128
Sep       12     79     89    192
Oct        7     95     83      -
Nov       22     31     84      -
Dec       17     30     79      -

(2010 figures run through September.)

ITS Procedures

Identify and notify
If no response, block
Currently, infringers are “counseled” and must sign a Copyright Notification:
http://www.hawaii.edu/itsdocs/gen/sample_copyright_notification.pdf
Failure to do so: blocked & reported to Dean of Students (or supervisor/Dean/Director) for action

www.hawaii.edu/its/filesharing

UH Policies

Executive Policy E2.210: Use and Management of Information Technology Resources
http://www.hawaii.edu/svpa/ep/e2/e2210.pdf

Executive Policy E2.214: Security and Protection of Sensitive Information
http://www.hawaii.edu/apis/ep/e2/e2214.pdf

More UH Policies

UH Form 92: UH General Confidentiality Notice
http://www.hawaii.edu/ohr/docs/forms/uh92.pdf

System-wide Student Conduct Code
http://www.hawaii.edu/apis/ep/e7/e7208.pdf

Protecting Sensitive Info

Hawaii Revised Statutes:

HRS 487J - SSN Protection
http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487J/

HRS 487N - Breach Disclosure
http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487N/

HRS 487R - Destruction of PI Records
http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487R/

UH Breaches RECAP

2009 April: Kapiolani CC
2010 March: Honolulu CC
2010 July: UH Manoa
2010 October (now!)

OVER 100,000 exposed records!

October Breach

Still under investigation
NOT PUBLIC YET!
Google indexes ftp: check all UH public websites for sensitive information!

Open Source Tools

Find_SSN: http://security.vt.edu/Find_SSNs/index.html

Spider: http://www.cit.cornell.edu/services/spider/howto/index.cfm

SENF:

https://senf.security.utexas.edu/wiki/
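The tools listed above all do the same basic job: walk a file tree, regex-match candidate SSNs, throw away impossible ones, and report what is left. The following is an added example of that job, not code from this deck and not the code of Find_SSNs, Spider or SENF; the sample text is constructed and the list of file extensions it reads is an assumption.

```python
"""Find Social Security Numbers in text and in a directory tree.

Added example; not code from the UH deck and not the code of Find_SSNs,
Spider or SENF, but it does what those scanners do: walk a tree, regex-match
candidate SSNs, discard candidates that break the SSA's structural rules, and
report hits with the number masked. The sample text is constructed; the
extension filter is an assumption.
"""
import os
import re
from typing import Iterator, List, Tuple

# Formatted: 123-45-6789 or 123 45 6789; \2 forces both separators to match.
_FORMATTED = re.compile(r"(?<!\d)(\d{3})([- ])(\d{2})\2(\d{4})(?!\d)")
# Bare nine digits: much noisier (order numbers, IDs), so off by default.
_UNFORMATTED = re.compile(r"(?<!\d)(\d{3})(\d{2})(\d{4})(?!\d)")

TEXT_EXTENSIONS = {".txt", ".csv", ".htm", ".html", ".log", ".xml"}  # assumption


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules: SSA never issues area 000, 666 or 900-999, group 00,
    or serial 0000. Passing does not prove the number was issued; it only
    removes obviously impossible candidates."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def mask(serial: str) -> str:
    return f"***-**-{serial}"


def find_ssns(text: str, allow_unformatted: bool = False) -> List[str]:
    """Return masked SSN candidates found in text, in order of appearance."""
    hits: List[str] = []
    for m in _FORMATTED.finditer(text):
        area, _sep, group, serial = m.groups()
        if plausible_ssn(area, group, serial):
            hits.append(mask(serial))
    if allow_unformatted:
        for m in _UNFORMATTED.finditer(text):
            area, group, serial = m.groups()
            if plausible_ssn(area, group, serial):
                hits.append(mask(serial))
    return hits


def scan_tree(root: str, allow_unformatted: bool = False) -> Iterator[Tuple[str, int, str]]:
    """Yield (path, line_number, masked_hit) for every candidate under root."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for hit in find_ssns(line, allow_unformatted):
                            yield path, lineno, hit
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan


# Constructed sample: one dash-separated SSN, one space-separated SSN, several
# impossible ones, and a phone number that must not match.
CONSTRUCTED_SAMPLE = """Name, SSN
Alice, 123-45-6789
Bob, 000-12-3456
Carol, 666-12-3456
Dave, 987-65-4321
Eve, 123-00-4567
Frank, 123-45-0000
Grace, 219 09 9999
Contact: (808) 956-2400
"""


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path, lineno, hit in scan_tree(sys.argv[1]):
            print(f"{path}:{lineno}: {hit}")
    else:
        print(find_ssns(CONSTRUCTED_SAMPLE))
```

Point `scan_tree` at web document roots and anonymous-ftp directories, since that is where search engines find the files. The scanner reads plain text only; the tools linked above also open Office and PDF files, which is where most real hits on a campus live, so treat this as the check to run first, not the only one.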

Breach Notification

Determined that, pursuant to HRS 487N, UH is required to do a “Breach Notification”:

Written notification to all affected individuals
Legislative report due 20 days after discovery of breach
Press release/website

UNC Incident

http://www.newsobserver.com/2010/10/14/739551/unc-cancer-scientist-appeals-her.html

Personal Information Protection POC


Key Items

Campus designee: “Personal Information Protection” Point of Contact
Limiting storage and retention of personal information to what is absolutely essential and required by law
Review and strengthen internal controls over personal information
Annual Personal Information Survey

Information Privacy & Security Council

Just completed the 2010 survey: ALL systems (electronic or paper) need to be reported
http://www.hawaii.edu/its/information/survey

Policies and Compliance

Enforce laws, regulations, policies: FERPA, HIPAA, FTC Red Flags, PCI DSS, FISMA, State & Federal laws & regulations, etc.

Legal Issues

E-Discovery & litigation holds
Subpoenas & National Security Letters
Internal investigations

Protecting Users

Increase in compromised UH usernames
Used to send spam/phish

Increase because:
Responding to PHISHES!
Weak passwords
Using unsecured computers and/or networks

Other Unsafe Behaviors

Respond to “phishes”
Do not update operating systems and applications on a routine basis
Do not use or update anti-virus/anti-spyware software
Visit unsafe websites
Share accounts/passwords
Use unsecured wi-fi for sensitive transactions

Firesheep

http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

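Firesheep worked because sites set the session cookie at an HTTPS login and then let the browser resend it in clear text on ordinary HTTP pages, where anyone on the same open Wi-Fi could sniff and replay it. The following is an added example, not code from this deck and not part of Firesheep: a check of a site's response headers for exactly that weakness, with a constructed weak header set beside a hardened one. The cookie name `sessionid` is a placeholder, and the HSTS header it checks for was standardized after this talk.

```python
"""Audit HTTP response headers for the weaknesses Firesheep exploited.

Added example; not code from the UH deck and not part of Firesheep. The two
header sets below are constructed; 'sessionid' is a placeholder cookie name.
A cookie without the Secure flag is sent on plain-HTTP requests and can be
sniffed on open Wi-Fi; Strict-Transport-Security (HSTS) stops the browser
from making plain-HTTP requests to the site at all.
"""
from typing import Dict, List, Tuple

Headers = List[Tuple[str, str]]   # (name, value) pairs; Set-Cookie may repeat


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'name=val; Path=/; Secure; HttpOnly' into (name, {attr: value}),
    with attribute names lower-cased and flag attributes mapped to ''."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def hsts_max_age(value: str) -> int:
    """Return max-age from a Strict-Transport-Security value; 0 if absent/invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return 0
    return 0


def audit(headers: Headers) -> List[str]:
    """Return findings for one response; an empty list means nothing to report."""
    findings: List[str] = []
    max_age = None
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            max_age = hsts_max_age(value)
        elif lname == "set-cookie":
            cname, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {cname}: no Secure flag, so the browser "
                                "will send it over plain HTTP where it can be sniffed")
            if "httponly" not in attrs:
                findings.append(f"cookie {cname}: no HttpOnly flag, so script can read it")
    if max_age is None:
        findings.append("no Strict-Transport-Security header: the browser will keep "
                        "making plain-HTTP requests that carry cookies")
    elif max_age <= 0:
        findings.append("Strict-Transport-Security max-age is 0: HSTS is disabled")
    return findings


# Constructed: what a typical site looked like to Firesheep ...
WEAK_HEADERS: Headers = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=d41d8cd98f00b204; Path=/"),
]

# ... and the hardened equivalent: the cookie only ever travels over TLS, and
# HSTS keeps the browser from making clear-text requests to the site.
HARDENED_HEADERS: Headers = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=d41d8cd98f00b204; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit(hdrs) or ["ok"])
```

Feed `audit` the headers of a real login response (for example, as captured from a browser's network panel) to see whether the session cookie would survive an open Wi-Fi session. The user-side advice in the slide still stands: on an unsecured network, assume anything not sent over HTTPS end to end is readable by the next table over.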

2011 Threat Forecast

http://www.gtisc.gatech.edu/pdf/cyberThreatReport2011.pdf

Thank You!

Questions?

jodi@hawaii.edu
(808) 956-2400