Towngas Information Security Week 2013 presentation
TOWNGAS: INFORMATION SECURITY WEEK 2013
7/10/2013
WHY HACKERS HACK?
• For material benefits
• For status
• For vengeance (justice?)
• For fun
• For nothing
• For goodness
Photo from Google
WHAT HACKERS DO
• White hat, black hat
• Targeted or for all
• Security exploits
• From virus to malware
• Social engineering: phishing, baiting
• Botnets
• DDOS
• From PC to mobile
DAILY BAD NEWS
IT CAN BE WORSE: STUXNET (2010)
Graphic from IEEE Spectrum
STUXNET
• Targeting critical infrastructure
• State-backed (American and Israeli intelligence)
• Targeting Iranian nuclear facilities
• Spread via Microsoft Windows
• Targets Siemens industrial control systems – controlling, monitoring these systems
• Spread via malware or infiltrating a loaded USB stick
HELLO, EDWARD SNOWDEN… GOODBYE
WHO IS HE?
• Born June 21, 1983
• High school dropout
• Worked for NSA, then CIA, then employed by subcontractor Booz Allen Hamilton, working in NSA again
• Salary: roughly US$200,000 (“took a pay cut to get back in NSA”)
• Lived in Hawaii before coming to Hong Kong on May 20, 2013
• Left Hong Kong for Moscow, Russia on June 23, 2013
FIRST, IT WAS VERIZON…
• First revealed by the Guardian (UK): the NSA was granted a court order under FISA (Foreign Intelligence Surveillance Act) giving it unlimited access to Verizon phone data
• Is it “legal”?
AND THEN, THERE WAS PRISM
• A "clandestine mass electronic surveillance data mining program" since 2007, after the passage of the “Protect America Act” under the Bush administration
• PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic acquired under FISA section 702 authority
MORE OF SNOWDEN’S REVELATIONS
• More secret programs to be revealed…
• 4 surveillance programs (US)
  • MAINWAY
  • MARINA
  • NUCLEON
  • PRISM
• Collecting and analyzing metadata on the internet (e.g. emails) and telecom (e.g. call logs)
• Other released programs
  • Evil Olive – broadening the scope of data collecting
  • Shell Trumpet – another similar program revealed
• The EU and its allies were among the top targets
WHAT ABOUT OTHER COUNTRIES?
• Britain – Tempora (sharing information with the US)
• France – "collects signals from devices in France, and communications abroad"
• Germany – Providing intercepted data to the NSA
• Russia – SORM, another surveillance program
• China? Others?
SNOWDEN ON HONG KONG
• Why did he choose to come to Hong Kong?
• He told SCMP:
  • Hacking into computers/servers in HK and China
  • At least several hundred times (>61,000 times globally)
  • University, public officials, students, businesses
  • Undersea cables
WORK IN COUNCIL
- June 15 rally outside USCG
- June 19: follow-up on urgent oral question; amendment passed on “building a safe city”; adjournment motion debate on cyber security
- Letter to CE, Security Bureau and PCPD
- June 26 Written question on government response
- Forum on Infosec with security professionals
- July 17: Amendment on motion debate
THE DEMANDS
• Seeking response from the US government
  • HKSARG sent a letter to the US government on June 21 – no answer
• Concrete measures to improve information security and awareness among local users and SMEs
• Revive the Interdepartmental Working Group on Computer-Related Crime to review and propose new cross-departmental measures
GOVERNMENT’S RESPONSE
• No problem, it’s all fine – “we are not aware of any problems”
• Repeating:
  • OGCIO’s infosec website
  • HKCERT
  • Police’s Cyber Security Center
• Interdepartmental WG on cyber security? No.
• Everything is fine. Really.
Why focus only on politicizing the issue?
Original article: "All Crows Under Heaven Are Equally Black: How to Balance National Security, Personal Privacy and Freedom of Communication" http://rthk.hk/mediadigest/20130715_76_123001.html
What are the implications?
WHAT NEXT?
• The US or other governments can view almost everything they want
• Can we still trust the Internet and cloud computing?
• Brazil’s President is pushing new legislation to force Internet providers to store data gathered in Brazil locally
• But is it practicable?
Brazilian President Dilma Rousseff
IS FISA JUST AND FAIR?
FISA (Foreign Intelligence Surveillance Act)
• Repeatedly enforced after the 9/11 attacks
• Said to be for monitoring foreign threats in the US
• But the truth is that it allows surveillance on global citizens, and even Americans
IS FISA JUST AND FAIR?
• The United Nations Human Rights Commission recently discussed regulating surveillance technology on global citizens
• Suggested advancing international human rights obligations on privacy
WHAT SHOULD WE DO?
• World class information security capabilities in HK
  • Highest density of CISSPs in the world
• SMEs and individuals do not appreciate the importance of information security
  • Education
  • Protection from “basic hacking” as a start
  • Set targets to reduce botnets?
• Legal or regulatory measures?
THANK YOU!
Charles Mok
Legislative Councilor (Information Technology)
[email protected]: Charles Mok B
Twitter: @charlesmok