With the increasing use of digital technology in our everyday lives, threats to our security are becoming a more prevalent in today's society.The needs of an audience are diverse and particularly suited to how an individual uses technology in their everyday lives and work environment. For this purpose the presentation has been constructed to be highly adaptable in order to focus on the relevant topics in your current situation. This is meant to serve as a rough guide for the topics that the speakers have knowledge of and a framework of what may be discussed. The presentation is tailored to both the needs and expertise of the audience involved. While the goal is to provide an overview of methods for compromising security, going beyond to provide a better explanation of how particular attacks are carried out is an option for audiences that require this knowledge. The purpose of this presentation is to better prepare individuals to respond to the threats that they may be facing in society that increasing relies on technology. The best defense comes from knowing how the attacks will be carried out in order to stay one step ahead of those with nefarious intent.
CYBER SECURITY: Protecting Yourself in the Modern Digital Age
Modern Criminal & Hackers
The purpose of this line of discussion is to dispel common rumors about “Hackers” that many people believe. The difference between White Hat Hackers, those who use hacking to work for legitimate companies or the government in order to improve security, and Black Hat Hackers who use their skills to commit crimes, break into computers, and cause havoc. This will also cover how computer crime is on the rise and how modern criminals are more inclined to commit crimes and scams using the technology that has become available to them. This section will also go into how companies protect your information. With the recent hacks of Target and other major corporations how safe is your personal information really. The reality is that 6 out of 10 companies acknowledge that they know a breech has taken place and that only accounts for the companies that knew about the breach and were willing to report it.
Finding the Weakness
This is intended to show people how every security system has weaknesses and it is about finding where your weaknesses are. An attempt is made to help you get into the mindset of a “hacker” and follow their logic so you are able to see the big picture. Examples are citied such as the case of a corporate network being compromised due to insecurities in their thermostat system that was connected to network. This section briefly touches on routers and how if the proper encryption is not being utilized than this could be your “weakest link” and how security relies on those around you as well as your own security practices.
Illusion of Security
This section helps individuals to understand the state that security is in today. It seeks to dispel rumors that “complete” security is possible. Security is only a measure of how long it takes to break through the current policies that are in place. Throws in references to current products such as medical devices like pacemakers that are susceptible to attacks. The false sense of security that comes from thinking “who would want to hack me” is exactly what makes you’re a target to begin with. Even if someone may not to hack you directly, they may be using you to get to another individual due to your lack of security. Using people you trust to skirt around security measures is another threat that you may not be expecting.
This section brings awareness to the problems that come from creating easy passwords and the types of authentication methods that are in use. This covers everything from how to properly choose a secure password, how passwords are cracked so you can choose difficult passwords to increase security, hardware that is used to capture your passwords and what to be on the lookout for, software that is used to capture passwords and how to protect against it, and different methods for making your passwords more secure. Different methods include two-step authentication, RSA SecurID, fingerprint logins, and other methods. Each method will include discussion of the advantages and disadvantages that come with each and what will work best in different situations.
Passwords alone are not enough to properly secure private information. An understanding of different encryption methods that are available and how they are implemented is important. This discussion will vary in the level of intricacy depending on the audience and goal of the presentation. It may range from touching on the different types of encryption and security of each up to how each method functions and how different cracking methods work on each.
Network security is emphasized because of the little known but abundantly present gaps in security that exist. Discussion begins with different types of encryption, which types of encryption offer the security you need, and why outdated encryption is still the most widely used type. Depending on the audience, an in depth explanation can be made of how attacks against the different types of encryption are carried out and demonstrations can be done. The issue of how devices that are connected to your networks may compromise your security and how to prevent this from happening. This is especially relevant for individuals that use personal devices to connect to private networks.
Network Cameras & Security Systems
Focused on raising awareness to the dangers of improperly setting up security systems or network cameras and that these may be accessible by individuals that you have not authorized. Individuals may be able to take over security systems or cameras, leaving you or your business exposed.
A popular choice by many business because of cost and usability, these phones are more susceptible to having people listen in on calls, intercept and reroute calls, and intrude on voicemail boxes. In addition to conventional phones that use VoIP, Skype and other services also rely on VoIP and can be intercepted.
A more in depth explanation will be provided when the topic of mobile security is discussed, however a brief introduction of the dangers of connecting to wireless networks that you do not have control over will be the central topic. This includes free hotspots in coffee shops and the popular hotspots that are around such as Optimum Wi-Fi.
Viruses are the most common threat to the security of your devices. Viruses can infect all devices regardless of operating system or device type. This section aims to bring attention to the pros and cons of the various options out there and which provide the safest option for you. This topic seeks to expand knowledge on transmission methods as well as what the various types of malware do in order to enhance prevention techniques. The transmission methods will touch on files that can be affected as well as how they spread between devices. The different types of malware discussed will range from simple adware to R.AT.’s. As with ever other section, prevention methods will be the focus. Antivirus protection and other security settings that should be implemented will be discussed.
Websites & Malicious Links
Special attention will be given to having safe browsing habits when using the internet. Since most malware comes from online, it is important to be aware of what to be on the lookout for while using the internet. Knowing what secure sites and legitimate URL’s look like can mean the difference between compromising sensitive information on yours and other peoples systems. For more advanced audiences, the option to explore how websites become compromised and how accounts can be hijacked is available.
The new generation has become increasingly focused on social media. Many people put their entire lives online without regard for who will be looking at. In today’s society not only do potential schools look at your social media presence but so do potential employers. Knowing that everything you publish online is visible to everyone despite security settings is the first step in recognizing that you need to change your online habits. This section will not only bring attention to what you post online but also the information that can be readily found online about you and how this information can be used against you. This section also contains specific examples of information that is commonly overlooked by people when posting online such as when new drivers post their driver’s license on their social media. Social media takes all the need to follow someone around to find out what they are up too. Further explanation will be given in the mobile security section on how social media can be used to track your location. In addition to information you are posting online, social media sites integrate themselves into your browsing to gain a better understanding of who you are. Sites such as Facebook track what sites you visit while logged into their site. This information is sold to advertisement agency’s to get “target specific” ads. Knowing what social media companies do with your information is just as important as knowing who is looking through it.
Social engineering goes hand in hand with social media because it is made possible mostly due to the information that you post online. Social engineering attacks seek to gain confidential information by using psychological manipulation. In effect it is a “con.” It has been used millions of time to gain information from companies. Using information such as birthdays, parent’s names, pet names, and names of schools individuals can pretend to be you and convince companies to give them access to your accounts.
The end of this section will discuss preventative measures that you can put in place to stop these attacks from affecting you. Focus will be on how to remove unwanted information from the internet and which services retain and have your information. Third party websites sell your personal information but websites like Safe Shepard help you to remove your online footprint.
Credit Card & RFID
This section brings attention to the security flaws that exist in each. They are both common forms of security that are becoming even more common. With a single swipe your credit card information can be stolen with a handheld skimmer. Credit card information can also be stolen from fake ATM’s or legitimate ATM’s that have card stealing hardware installed on them. RFID devices are subject to interception and duplication because they have little to no security and are always transmitting data. Access cards and credit cards can be duplicated by anyone in your vicinity without your knowledge.
When any devices are discarded, from cell phones to computers, traces of the information they once stored is left one there even after it has been deleted. Proper techniques for data eradication will be discussed and the importance will be emphasized. Copious examples will be provided of all the information that can be gleamed from these systems such as bank records, DMV records, credit cards, emails, and passwords from systems that have been discarded and digital forensics been conducted.
Mobile Security - Portable Devices
Portable Devices not only include cell phones but also tablets, laptops, and other electronics. Portable devices become increasingly vulnerable when wireless connections such as Bluetooth or Wi-Fi are left on. The issues regarding Bluetooth and Wi-Fi will be discussed in-depth to describe measures that prevent this such as not using preferred networks. In addition to turning wireless features off, the network connection with the cell phone carrier can also be intercepted. Portable devices contain more information that many realize because they store information without asking for the user’s permission.
Mobile Security - Smart Phone App’s
Smart phone apps such as Facebook, Twitter, and Angry Birds require app permissions that go far beyond what is required for app function. A look through app permissions reveals that they can change many aspects of your phone including messaging, accounts, contacts, files, memos, call history, and much more. Government agencies such as the NSA have taken advantage of the permissions that we give our app’s to use their “leaky” security nature to spy on people. The issue also arises of who you trust with your information. Recently Snapchat had a leak of 4.6 million user’s information. The Android Flashlight Free app sold the information of its consumers to advertisement agencies that specialized in target specific ads. Using apps means that you have to trust the developers that created them and are responsible for the security of your information.
Mobile Security - Geo-Location
By default your phone is set to embed the location that a picture was taken at into the EXIF data of each picture you take. Every photo you take includes this EXIF data that recorded information about the device that took it and other pertinent details. Depending on the social media or file sharing sites, this location data stays with the file. Using tools to plot this information it is possible to actively track a target based their social media. Not only do your pictures contain your location but often time’s, posts to these sites also contain an embedded location.
Mobile Security - Device Against You
This section aims to show how the quickly advancing technology can be turned against you and the gadgets you see in science fiction are now out in today’s world. Smartphone app’s that can listen for your password by being near the keyboard while you are typing. Smartphone app’s that can create 3D models of your home without your knowledge by using the webcam. The future is here now but whether or not you choose to embrace it, it will keep on moving and progressing with or without you.
Traveling with your devices presents unique challenges. Not only is it difficult to constantly keep your eye on your devices, you are connecting to unknown networks and trusting others to keep your information private. The dangers may not seem so obvious and can come out of nowhere and surprise you. An education of how these attacks are carried out can mean the difference between giving others your life and locking them out.
Traveling - Charging Stations
Popular because of their necessity and convenience, charging stations can have hidden dangers lurking behind the facade of the traveler’s best friend. Simply plugging your device into one of these stations can lead to a complete compromise of the contents of your device. Deciding to plug in a phone might as well be opening up your contacts, messages, pictures, phone logs, and anything else on it up for scrutiny by anyone who wants it. Just knowing the simple fact that using a wall outlet removes this possibility can save a great deal of headache in the future.
Traveling - Hotel Door Security
In addition to the ways your devices can be at risk it is important to be aware how other devices can be used against you. Flaws in hotel door locks allow anyone with ten dollars’ worth of hardware to walk into millions of hotel rooms as if they had a master key. These devices have been documented in use in numerous robberies and only serve to show how sometimes a low-tech lock is your best option.
Used for intercepting devices that use wireless connections. This can include cell phones, tablets, laptops, IPads, and any other devices that have a wireless card. This is used to illustrate the vulnerability’s that exist with wireless connections and how a wired connection offers increased security. This is also used to show what information can be extracted from these devices once they have been compromised.
USB Rubber Ducky
Tool used when an attacker has physical access to a victim’s computer. It can be programed to carry out advanced attacks on a computer or android device and is no bigger than a regular flash drive. This is used to demonstrate how in a matter of seconds all your personal information can be in the hands of someone else, your network could be open to an attack, and how an antivirus is not sufficient to protect yourself.
Tool used for extracting information from a target hard drive or device and keeping all information gather admissible in court. Keeps data flowing in one direction as to not compromise the integrity of the device in question. Can also be used by someone who wishes to discretely view your information and not leave a trace that they were snooping.
Wireless IP Camera & Networked Camera
Used to show how security cameras and personal cameras can be remotely accessed by those who are not supposed to have access. The use of these cameras have become commonplace by many businesses and individuals because of the easy setup, decreased cost over conventional cameras, and benefits that they provide. By bringing attention to their flaws the goal is to help people make educated choices when choosing what best fits their needs.
Wireless Routers & Repeaters
Wireless routers are a fixture of practically every household and business. The router is used to show how access points can be configured with a special focus on the available security settings. For the more advanced audiences, the router can also be used to provide in depth explanations to how individuals gain access to protected networks. Wireless Repeaters are used to extend the range of wireless routers and present their own set of security issues.
Encrypted Flash Drive
Two types of encrypted flash drives will be presented to demonstrate different options for securing our data. One drive relies on a hardware pin that must be entered before one can gain access to the files contained on the flash drive. The other is encrypted with a software solution. The pros and cons of each option are brought up and they are used to introduce the audience to the different types of encryption and how they are best suited to various needs.
An industry standard for two factor authentication methods, the RSA SecurID is an example of an option for increased security of passwords. It is a small device that contains a screen with a pin that changes every 60 seconds. By using this device, it requires the individual logging into an account to have the device on them as well as know the correct password for the account. By showing other alternatives to increase security it opens people’s minds and makes them aware of the options that are out there for them.
Alpha Wireless Card
While wireless cards have many purposes, not all that are nefarious, the purpose of this one is to show how small and inexpensive the hardware required to break through wireless security can be. This wireless card can also be used in demonstration of how wireless networks encryption can be broken and unauthorized access gained.
Hardware Key Loggers
Hardware key loggers are less widely used than software but they can be far more dangerous. They are not able to be picked up by antivirus programs because they intercept keystrokes from the keyboard before they reach the computer and can be easily concealed. By showing examples of how small these devices can be it brings attention to the dangers that they can present and makes individuals wary of unknown devices that may be plugged into your computer.
Spectrum Analysis Hardware
The use of this hardware is to expose how other devices such as two way radios (popular for use by security personnel) can be susceptible to interception. Using equipment such as these it brings awareness to how even devices that cannot be “hacked” by conventional approaches are not without their own collection of weaknesses.
Magnetic swipes are now in use more than ever and are relied on for their security by hotels, businesses, schools, and on credit cards. These cards increase security by restricting access to individuals with the card, however due to the ease at which these can be copied they do not offer the level of security that many people believe they do. All it takes is a second for someone to swipe your card without your knowledge. This is especially true for your credit card because it leaves your possession at stores and restaurants. This magnetic reader can be used to demonstrate how easy it is to copy magnetic cards as well as how small the readers can be and easily they can be concealed.
RFID Reader & Writer
Much like the magnetic swipes, RFID is being incorporated into everyday life for access to buildings and into credit cards. Unlike the magnetic swipes, physical access is not needed to make a copy of the card. Simply walking down a city street could lead to your credit card information being stolen. Having a RFID reader & writer allows individuals to see the ease that cards are duplicated and raise awareness of how to prevent against this kind of threat.
Bluetooth Exploit Hardware
Bluetooth earpieces, Bluetooth keyboards, and Bluetooth speakers all offer the ease and convenience of being able to quickly connect your phone or other devices together. Bluetooth enables unauthorized access because of a lack of security that has been implemented. Using this hardware it is possible to show not only how the exploit takes place but also how easy it is and how exposed it leaves everyone.
Kon-Boot Flash Drive
Kon-Boot is a popular tool used by technical support in large companies in order to log into computers that they do not have the passwords for. It requires physical access to the machine but once an attacker has that, they can use this tool to log into your accounts without the need to crack or know your passwords. This tool brings attention to the insecurity of relying on Windows to secure your computer. In a matter of seconds an attacker can be into your system and browsing your files with Admin privileges. This opens the discussion for why end-to-end encryption offers the best security for your sensitive information.