Will you be hacked? - Strathfield Council
Slide 1
Will you be hacked?
Dan Weis
Lead Penetration Tester
Head of Security
Kiandra IT
Slide 2
Lead Pen-tester and Head of Security at Kiandra IT
I get paid to break into company & government networks for a living
Major nerd
Been in IT since 1995 in various roles both here and internationally
7 years in security consulting, 5+ years as a Pen-tester
1 of 10 people globally to become a Certified Ethical Hacker (CEH)
Trainer of upcoming CEHs
Have a couple of certs (23) & published resources
Slide 3
The content presented today contains tools, techniques and resources used for hacking & illegal activities
The content is for education purposes only
The underground sites presented today should not be visited and are monitored by federal authorities
Hacking is illegal. You MUST have written permission from the associated target/party(s)
STOP
I do not condone illegal hacking or malicious activities.
Slide 4
HEARD OF THESE BEFORE?
PHISHING: Dodgy emails enticing you to click a link or open an attachment
MALWARE: Malicious software designed to do something bad
SOCIAL ENGINEERING: The art of deception, tricking a target into doing something
IDENTITY THEFT: Harvesting your personal details and applying for services as you
BOT/BOTNETS: A compromised workstation or ‘zombie’ machine; a botnet is a network of such machines under one attacker’s control
EXPLOIT: Code designed to take advantage of a vulnerability in a system
Slide 5
The technology space has moved so fast. The problem is that people still don’t understand the fundamentals.
This is what kids used to do: they used to get fresh air.
The internet, what’s that? Mobile phones, maybe 1 in 10 had one.
Slide 14
Because of this growth we now have a unique set of challenges
Regardless of your job, age, race or country, we now all need to be IT savvy
And because of stats like this:
Slide 15
[Chart, source: TrendLabs annual report. Categories shown: malicious URLs / phishing attacks; botnet infections (ranked #3 and #4)]
Slide 16
Protect yourself in 8 easy steps
You can also find these steps on the Stay Smart Online website: https://www.staysmartonline.gov.au
Slide 17
SOCIAL MEDIA
Anything that is put online is there FOREVER
Stop and think before you provide any photos or financial or personal information about yourself, your friends or your family.
Slide 18
• You should use secure passwords like ‘z#JFkj03%!’*E
• Let’s face it, that’s tough to remember!
• Why not use a passphrase? ‘I really hate passwords!’
• Now you have a pretty strong password: 24 characters, including three spaces and an exclamation mark, but easy to remember.
• Passphrases are hard to guess because of their length, yet easy to type.
• You could have a unique one for each site, like: “I really hate logging into gmail! It’s crap!.”
• Drawback: some applications/websites impose character limits on passwords
• In that case abbreviate it and use this one: "Irhligm!Ic!."
Slide 19
Avoid passwords based on:
• Your name
• Siblings’, spouse’s or pet names
• Days of the week (Monday, Tuesday, Wednesday etc.)
• Months of the year (January, Jan, February, Feb) and/or the current year (2016, 2017)
• Anything with the word Password or Welcome
• Keyboard combinations (qwerty, qazwsxedc, 1234567 etc.)
• Anything containing information about your workplace (company name, what it does, its functions) or your address
• Dictionary words with a number at the end
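The rules on these two slides can be applied mechanically before a password is accepted. The checker below is an added example written for this page, not the presenter's code: it encodes the deny-list above (days, months, years, the words password and welcome, keyboard walks, a dictionary word followed by digits) together with the 10-character minimum and 12 to 15 character best practice given on the following slide, and it exempts long multi-word passphrases from the single-word rule so that ‘I really hate passwords!’ passes while ‘Monday2017’ does not. Personal terms such as your name or employer are supplied by the caller; the 20-character passphrase threshold and the sample candidates are assumptions made for the example.

```python
import re

MIN_LEN = 10             # slide: minimum 10 characters
BEST_PRACTICE_LEN = 12   # slide: best practice 12 to 15
PASSPHRASE_LEN = 20      # assumption: from this length a multi-word passphrase is judged on length

# Words the slides say never to build a password on. Personal terms (your name,
# family or pet names, employer, address) are supplied by the caller.
DENY_WORDS = {
    "password", "passwd", "welcome", "letmein",
    "monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday",
    "january", "jan", "february", "feb", "march", "mar", "april", "apr", "may",
    "june", "jun", "july", "jul", "august", "aug", "september", "sep", "sept",
    "october", "oct", "november", "nov", "december", "dec",
}

# Keyboard rows plus the column walk that produces 'qazwsxedc'. Any 4 adjacent
# characters from these sequences, forwards or backwards, counts as a keyboard walk.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 "qazwsxedcrfvtgbyhnujm")


def _walk_grams(n: int = 4) -> set[str]:
    grams = set()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            grams.update(seq[i:i + n] for i in range(len(seq) - n + 1))
    return grams


WALK_GRAMS = _walk_grams()


def check_password(pw: str, personal_terms: tuple[str, ...] = ()) -> list[str]:
    """Return the slides' objections to a candidate password; an empty list means it passed."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LEN:
        problems.append(f"only {len(pw)} characters (minimum {MIN_LEN}, "
                        f"best practice {BEST_PRACTICE_LEN}-15)")

    denied = DENY_WORDS | {t.lower() for t in personal_terms if t}
    tokens = re.findall(r"[a-z]+", low)
    # exact match for short words (jan, may), prefix match for longer ones (passwords, welcomes)
    hits = {t for t in tokens
            if t in denied or any(t.startswith(d) for d in denied if len(d) >= 5)}
    # A long multi-word passphrase may legitimately contain a common word ('I really hate
    # passwords!'); a short password built around one is what a wordlist attack guesses first.
    if hits and (len(pw) < PASSPHRASE_LEN or len(tokens) < 3):
        problems.append("built on a guessable word: " + ", ".join(sorted(hits)))

    if re.search(r"(19|20)\d\d", pw):
        problems.append("contains a year")
    if any(low[i:i + 4] in WALK_GRAMS for i in range(len(low) - 3)):
        problems.append("keyboard walk (qwerty, qazwsx, 1234...)")
    if re.fullmatch(r"[a-z]+\d+", low):
        problems.append("dictionary word followed by digits")

    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if len(pw) < PASSPHRASE_LEN and classes < 3:
        problems.append("uses fewer than 3 of: uppercase, lowercase, digits, symbols")
    return problems


if __name__ == "__main__":
    # Constructed candidates, including the slides' own examples.
    me = ("Daniel", "Kiandra")
    for candidate in ("z#JFkj03%!'*E", "I really hate passwords!", "Irhligm!Ic!.",
                      "Monday2017", "qwerty", "Welcome!!", "Kiandra2016"):
        verdict = check_password(candidate, me) or ["OK"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

The deny-list is deliberately small; a real deployment would add a leaked-password list and the organisation's own name, product names and address fragments to the personal terms.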
Slide 20
• Use a password manager like LastPass or 1Password
• Do not use the same password for everything
• You should be using two-factor authentication (also called multi-factor authentication)
• To check if your accounts or details have turned up in a breach use: https://haveibeenpwned.com/
• Change passwords regularly, and immediately if a service you use reports a breach
• Passwords should be a minimum of 10 characters; best practice is 12 to 15
• Use uppercase, lowercase, special characters and numbers
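Besides the account lookup, haveibeenpwned.com publishes its breached passwords through the Pwned Passwords range API, which lets you check a password without revealing it: only the first five hex characters of the password's SHA-1 hash are sent, the service returns every hash suffix it knows for that prefix, and the match is made locally. The script below is an added example, not from the presentation. fetch_range performs the live lookup; the demonstration runs offline against a constructed response in the API's line format, and the breach count in it is illustrative rather than a real figure.

```python
import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"


def hash_parts(password: str) -> tuple[str, str]:
    """SHA-1 the password and split it into the 5-hex-char prefix that is sent
    to the API and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_response(suffix: str, body: str) -> int:
    """Scan a range response (one 'SUFFIX:COUNT' per line) for our suffix.
    Returns the breach count, or 0 if the suffix is not listed."""
    for line in body.splitlines():
        found, sep, count = line.strip().partition(":")
        if sep and found.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup (network): download every suffix the service knows for this prefix."""
    req = urllib.request.Request(RANGE_API + prefix,
                                 headers={"User-Agent": "passphrase-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, body: str) -> int:
    """Hash locally, then match the private suffix against the returned range."""
    _, suffix = hash_parts(password)
    return count_in_response(suffix, body)


def constructed_response(leaked_password: str, count: int, filler: int = 5) -> str:
    """Constructed stand-in for a real range response so the example runs offline.
    Real responses carry hundreds of suffixes; the count is illustrative only."""
    _, suffix = hash_parts(leaked_password)
    lines = [f"{suffix}:{count}"]
    for i in range(filler):
        other = hashlib.sha1(f"filler-{i}".encode()).hexdigest().upper()[5:]
        lines.append(f"{other}:{i + 1}")
    return "\r\n".join(sorted(lines))


if __name__ == "__main__":
    candidate = "password"
    prefix, _ = hash_parts(candidate)
    # Offline: the constructed body stands in for fetch_range(prefix).
    body = constructed_response(candidate, 3861493)
    print(f"{candidate!r}: only prefix {prefix} would be sent; "
          f"seen {pwned_count(candidate, body)} times in breaches")
```

Each candidate password needs the range for its own prefix, so a live check calls fetch_range(prefix) per password; the service cannot tell which of the returned suffixes you were interested in.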
Slide 21
TREAT WITH CAUTION
Treat any unexpected message with caution.
CONSIDER WHO AND WHY
When you receive an email, consider who is emailing you and what they are asking you to do.
CALL THE BUSINESS
Call the business a suspect message claims to be from, using contact details obtained from its website or another legitimate source, not the details given in the message.
Slide 27
More information and examples can be found at Scamwatch: https://www.scamwatch.gov.au
SCAM
The bank will never email you asking you to confirm anything; at most it emails statements
PayPal will never email you and ask you to confirm anything
Look out for missing logos, spelling or grammar mistakes
If it’s a delivery email, go direct to the courier’s site and enter your tracking details instead of using the link
If it seems too good to be true, it most likely is
Sender is unknown!
Incentives, e.g. survey emails
Links whose visible text differs from the URL they actually point to (hover over the link to see the real destination)
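Several of these tells are structural and can be checked before anyone clicks. The script below is an added example written for this page, not the presenter's code. It parses a constructed sample message that uses only reserved example domains and flags three of the signs listed above: a Reply-To that does not match the sender, link text that shows one address while the href points to another, and links that lead outside the sender's domain. The two-label "registrable domain" shortcut is a simplification made for the example; a production check would use the Public Suffix List.

```python
import email
import email.policy
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in the style of a bank phishing email. All names are
# reserved example domains; nothing here is a real sender or a real site.
SAMPLE_EMAIL = """\
From: "ExampleBank Alerts" <alerts@examplebank.com>
Reply-To: verify@examplebank-secure.net
To: customer@example.org
Subject: Urgent: confirm your account details
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Valued Custmer,</p>
<p>Your acount will be suspended. Please confirm your details within 24 hours:</p>
<p><a href="http://examplebank.com.login-verify.example/confirm">https://www.examplebank.com/login</a></p>
<p>Or view your <a href="https://www.examplebank.com/statements">latest statement</a>.</p>
</body></html>
"""

LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    # Simplification: last two labels. Production code would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def host_of(url_or_text: str) -> str:
    if "://" not in url_or_text:
        url_or_text = "http://" + url_or_text
    return urlparse(url_or_text).hostname or ""


def analyse_email(raw: str) -> list[str]:
    """Return human-readable warnings for the structural phishing signs in a raw message."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    flags = []
    sender = msg["From"].addresses[0].domain.lower()
    sender_reg = registrable(sender)

    reply_to = msg["Reply-To"]
    if reply_to:
        rt = reply_to.addresses[0].domain.lower()
        if registrable(rt) != sender_reg:
            flags.append(f"reply-to domain {rt} differs from sender domain {sender}")

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return flags
    collector = LinkCollector()
    collector.feed(html_part.get_content())
    for href, text in collector.links:
        href_host = host_of(href)
        if LOOKS_LIKE_URL.match(text):
            text_host = host_of(text)
            if registrable(text_host) != registrable(href_host):
                flags.append(f"link text shows {text_host} but href goes to {href_host}")
        if registrable(href_host) != sender_reg:
            flags.append(f"link to {href_host} is outside the sender's domain {sender}")
    return flags


if __name__ == "__main__":
    for warning in analyse_email(SAMPLE_EMAIL):
        print("WARNING:", warning)
```

The second link in the sample passes because its text is plain words and its host shares the sender's domain; the first trips both link checks, which is the "alternate URL" pattern the slide describes. A spoofed From header is not caught here; that needs SPF/DKIM/DMARC results from the receiving mail server.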
Slide 28
Minimise visits to unknown websites and avoid being enticed by the promise of sensational content through ‘clickbait’.
Look for the padlock symbol and ‘https’ in the browser address bar, particularly when undertaking a transaction or entering personal information online. The padlock only means the connection is encrypted, not that the site is who it claims to be; phishing sites can have one too, so check the domain name as well.
Delete suspicious emails and leave websites that:
• Ask you to provide your banking details or personal information
• Promise you money
• Present hard luck or exotic stories telling you that you can share in hidden millions of dollars
• Offer jobs where you need no qualifications but just ask for a bank account for money transfers
• Claim to be “looking for a friend” or a husband
Slide 30
The attacker only needs to get it right once.
You need to get it right all the time.
Slide 31
1. Install a firewall on your computer and make sure it is activated.
2. Never provide personal details via emails or links from emails. If you are unsure, double check by telephone with the company or institution.
3. Never follow the links in spam emails; these could lead to downloading unwanted viruses, spyware or malware.
4. Ensure that you have up-to-date anti-virus and anti-spyware software installed on your computer.
5. If it seems too good to be true, it probably is.
Slide 32
Deal primarily with trusted and reliable online retailers.
Access your bank’s website by typing the address directly into your browser.
Keep your computer up-to-date with anti-virus/anti-malware, anti-spyware and firewall software.
Use the security measures (such as two-factor authentication) recommended by your bank.
Always log out of internet banking and close your browser when you have completed a session.
Research unknown retailers and their products and services. Google them!
http://www.resellerratings.com/
http://www.fairtrading.nsw.gov.au
https://www.sitejabber.com/
Slide 33
Only make online purchases from companies that have a clear privacy policy and secure payment pages.
Think before you fill out online forms. Ask yourself: how much information do I need to enter into this site?
Only share your primary email address with people you know.
Be careful when signing up to mailing lists: spammers use the unsubscribe button to validate addresses.
Use strong passwords and don't share them with anyone.
Check your billing and account records carefully to detect potential identity theft early.
Treat your personal information as you would treat your money: don't leave it lying around for others to take.
Set up a separate email address for shopping and newsgroups. If you need to, you can then change this address without disrupting online business activities.
Shred sensitive information and documents.
Keep a record of what information you have given to whom.
Slide 34
Be careful how much personal information you post or reveal online
People who share personal information are more likely to be targeted
Use privacy settings to control the amount and type of information you want to share on social media
Think about what information you may have online that is spread across multiple sites. Identity thieves can piece together your identity from public information
Slide 38
Notify the relevant websites
Notify your financial institutions
Request a credit report from a reputable credit reference bureau
Change your passwords
Monitor your accounts and devices
Don’t panic
Slide 39
People are unaware of mobile security
Turn on the security features of your mobile devices
Set a password/phrase or PIN that must be entered to unlock the device
Install reputable security software
Use the most up-to-date operating system and keep your phone updated!
Turn off unnecessary services when not in use: wireless, NFC, Bluetooth
Be careful of the apps you are installing
Slide 41
Internet cafés pose the same risks
On an open Wi-Fi network anyone in range can capture your traffic. Unencrypted (http) traffic is readable outright; https protects the content of a connection but not which sites you visit.
Public/open/free Wi-Fi hotspots should not be used to access sensitive information unless you are using a VPN.
If you have to use an open Wi-Fi network, do not log into sensitive accounts like banking!
Slide 42
• Step 1: Think before you post
• Step 2: Rethink your passwords
• Step 3: Think before you click
• Step 4: Minimise your exposure
• Step 5: Use bank security measures & research first
• Step 6: Protect your identity
• Step 7: Protect your mobile device
• Step 8: Avoid free WiFi
Slide 45
THE INTERNET
SURFACE WEB
• Anything that can be indexed by a typical search engine like Google, Bing or Yahoo
• The “visible web”
• 4 billion indexed web pages
• This is the web you know
DEEP WEB
• The deep web is anything that a search engine can’t find
• Data behind firewalls, like corporate resources, business intranets, password protected websites, infrastructure etc.
DARK WEB
• A small portion of the deep web that has been intentionally hidden and is inaccessible through standard web browsers
• Can only be accessed with special software designed to hide you
• Contains darknet markets
• The anonymous marketplace ecosystem does in excess of $500,000 a day.
Slide 48
When they get shut down, they just come back again a short time later on a different provider
Usually operate in jurisdictions with weak enforcement or little cooperation with Western law enforcement, such as parts of South America, Eastern Europe and South East Asia
Use bulletproof hosting
Mini ISPs (datacenters)
Specialise in offering services that are largely immune from takedown requests and pressure from Western law enforcement agencies.
Slide 49
Sealand: located six miles off the coast of Suffolk, England
Built during WW2 as an anti-aircraft gun platform
Declared an independent nation in 1967
Home to HavenCo, the world’s first bulletproof hoster
“Its own nation, its own rules.”
Slide 50
Former home of WikiLeaks (Bahnhof’s Pionen data centre)
Inside the White Mountains of Stockholm
Located below 30 meters of granite and secured by a 40-centimeter-thick door
The data centre is built to withstand a hydrogen bomb attack.
Slide 51
Abandoned NATO bunker (CyberBunker), Netherlands
Discarded by the Dutch military in 1994
Built to survive a 20-megaton nuclear attack
5 subterranean levels.
Slide 54
As much as we may not like it, the internet is an integral part of young people’s lives
Slide 55
While the internet offers an exciting world of experiences for kids and teens, it's important to be mindful that they could:
Experience cyber bullying
Be exposed to inappropriate, illegal or harmful content
Be at risk from contact with unwanted strangers
Unknowingly or deliberately share personal information without realising the risks
Leave behind an online footprint that might not reflect well on them in the future.
Slide 57
Covering a number of key online safety issues, the Parent's Guide to Online Safety offers practical, issues-focused information and advice for parents of children of all ages.
Topics covered include:
• Cyberbullying
• Social networking
• Unwanted contact
• Sexting
• Inappropriate content; and
• Online safeguards
Slide 58
HELP & FURTHER INFORMATION
Office of the Children’s eSafety Commissioner: https://www.esafety.gov.au
Stay Smart Online: https://www.staysmartonline.gov.au
ScamWatch: https://www.scamwatch.gov.au
Cybersmart: http://www.cybersmart.gov.au/
Digital Parenting: https://www.f-secure.com/en/web/home_global/digital-parenting
REPORT IT!
Online crimes: ACORN, http://report.acorn.gov.au
Cyberbullying: Children’s eSafety Commissioner
Offensive or illegal content: Children’s eSafety Commissioner
Scams: ScamWatch, https://www.scamwatch.gov.au
YOUTH HELP AND INFORMATION
Thinkuknow: https://www.thinkuknow.org.au
Headspace: https://headspace.org.au/
Children’s eSafety Commissioner: https://www.esafety.gov.au
Reachout: http://au.reachout.com/
Kids Helpline: https://kidshelpline.com.au/ or 1800 551 800