IOANNIS CHALKIADIS, CERN IT SECURITY TEAM: How to hack, earn money and stay out of jail. IT LIGHTNING...
IOANNIS CHALKIADIS
CERN IT SECURITY TEAM
How to hack, earn money and stay out of jail.
IT LIGHTNING TALK 04.12.15 CERN
Hacking started out of curiosity and knowledge; now it is just business.
How much is the global spending in IT Security?
Up to $77 billion in 2015*.
Is it enough?
*http://cybersecurityventures.com/cybersecurity-market-report/
I ask you again: is it enough?
Biggest data breaches in the last decade*

| Company | Users |
| --- | --- |
| JP Morgan Chase | 76.000.000 |
| Sony | 77.000.000 |
| Ebay | 145.000.000 |
| Adobe | 36.000.000 |
| Apple | 12.400.000 |
| US Military | 76.000.000 |
| Yahoo | 22.000.000 |

*http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Hacking and arrests
24-year-old Algerian - ZEUS BOTNET
3.600.000 million infected machines
70 million $$ loss
Hacking and arrests
27-year-old Russian - BLACKHOLE EXPLOIT KIT
97% of 2014 browser threats were from Blackhole (AVG).
He was making 70.000$ per month selling his kit.
He was smart, huh?
You know how he got arrested?
He posted this picture on his Facebook profile... Meh...
What is bug bounty, terms/rules
You report -> They reply -> Fix or will not fix -> Reward/Thank you
Rules*
99% of the companies have this list of rules:
• Do not cause DoS (denial of service) to their services.
• The vulnerability should not affect the user data or critical information.
• Responsible and ethical disclosure to the company.
• Do not share it with any third parties.
My Personal Adventures
Google:
• Contacted them: 17.10.14
• Got response: 18.10.14
• Triaged situation (implementing fix): 19.10.14
• Fixed, reward $$ and thank-you email: 21.10.14
My Personal Adventures
Western Union:
• Contacted them: 11.05.15
• Got response: 16.05.15
• Triaged situation (implementing fix): 24.05.15
• Fixed, reward $$ and thank-you email: 03.06.15
Sites that host bug bounty programs
https://bugcrowd.com/programs
https://hackerone.com/directory
Want to learn more and improve?
Questions