SlideShare uma empresa Scribd logo

CS3: Cybersecurity Extortion & Fraud

Transferir como PPTX, PDF
Paige Rasid
Paige Rasid

Keep your growing tech company protected – join us at one, or more, upcoming discussions on cybersecurity!

Tecnologia
1 de 62
Click to edit Master title style 9/30/2015 1 Cybersecurity Extortion & Fraud Goodwin College September 30, 2015Sponsored by:
Top Five Things You Can Do to Protect Your Clients and Your Business UCONN Stamford March 30, 2015 Presented by Bruce Carlson President & CEO Connecticut Technology Council Introduction
Top Five Things You Can Do to Protect Your Clients and Your Business UCONN Stamford March 30, 2015 Presented by Mark Scheinberg President Goodwin College Welcome
Top Five Things You Can Do to Protect Your Clients and Your Business UCONN Stamford March 30, 2015 Presented by Paul Savas Vice President Comcast Business Western New England Region Welcome
Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: Martin McBride Presented by Keynote Speaker: William P. Shea Deputy Commissioner of Emergency Services & Public Protection, State of the CT To Discuss Cybersecurity Extortion and Fraud
Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Patricia Fisher President & CEO, JANUS Associates Board Member, CTC Chair, CTC Cybersecurity Task Force Introduction of Panelists
Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: Martin McBride Presented by Speaker: Leon A Pintsov CEO SignitSure To Discuss Bitcoin and its Security Challenges
Bitcoin What is Bitcoin and how it is used in cyber extortion and fraud incidents? L. A Pintsov CTC Seminar on Cybersecurity September 30, 2015 8
Outline  Cyber attacks, extortion and Bitcoin  Bitcoin - a little bit of mechanics  Properties of Bitcoin  Security and Privacy  Limitations  Future prospects  Conclusion 9
Taxonomy of attacks 10
How attacks occurred? 11
Attack Stages 12
How bad guys monetize their cyber exploits?  By selling attackers’ tools  By selling stolen data  By disabling victim’s internal IT system (e.g. via encryption of main and back-up business data bases rendering them useless unless a decryption is applied).  By disabling victim’s website for a significant period of time [e.g. by repeated Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks].  Last two attacks can be monetized only by extortion. “Ransoms vary in price and are usually demanded in Bitcoin”.  Note: The cost of attacks to bad guys are increasing and can be quite significant! Thus, we know of a few attacks that are done just to make a point (as it used to be the case with computer viruses sometime ago). 13
July 31, 2015 Alert Number I-073115-PSA E-mail Extortion Campaigns Threatening Distributed Denial of Service Attacks The Internet Crime Complaint Center (IC3) recently received an increasing number of complaints from businesses reporting extortion campaigns via e-mail. In a typical complaint, the victim business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom. Ransoms vary in price and are usually demanded in Bitcoin. Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution. Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, Wordpress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit. Based on information received at the IC3, the FBI suspects multiple individuals are involved in these extortion campaigns. The attacks are likely to expand to online industries and other targeted sectors, especially those susceptible to suffering financial losses if taken offline. If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at http://www.ic3.gov/. Please provide any relevant information in your complaint, including the extortion e-mail with header information. Tips to protect yourself: •Do not open e-mail or attachments from unknown individuals. •Do not communicate with the subject. •If an attack occurs, utilize DDoS mitigation services. 14
Akamai Report dated 9-9-2015  Akamai's Team is warning of increased activity by a group – known as DD4BC – that since 2014 has threatened to take down corporate networks with distributed denial-of-service (DDoS) attacks if a Bitcoin ransom is not paid. Akamai confirmed 141 attacks executed against 124 unique businesses between September 2014 and July 2015.  DD4BC started off small, only executing an average of nearly four DDoS extortion attacks per month from September 2014 to March. Activity started climbing in April with 16 attacks, peaked in June with 41 attacks, and tapered off a bit in July with 31 total attacks.  The organizations being targeted are in a variety of industries, including 58 percent in financial services, 12 percent in media and entertainment, nine percent in online gaming, six percent in retail and consumer goods, five percent in software and technology, and another five percent in internet and telecommunications.  “If a targeted organization pays the ransom, there is no reason to believe that the attackers will not return again, and often for a higher amount.” “Additionally, this could encourage other groups who may use the same name or in some way be associated with this group to threaten your organization and also send attack traffic. These types of attacks only work when the victims make it profitable for them. Not paying the ransom will often lessen the pervasiveness of these attacks.”  One of the group's latest tactics involves threatening to expose organizations via social media, the report mentioned. 15
16
17
18
19
20
21
22
Results (from Akamai report)  The data suggests that the individuals involved in the DD4BC operations have received ransom payments from the DDoS threats.  Historically, targets of ransom demands are selected based on their anticipated reluctance to involve law enforcement.  DD4BC is expanding its targets to enterprise-level organizations. 23
Why Bitcoin is a seemingly preferred payment extortion tool?  (Perceived) Anonymity /Unlinkability/Untraceability  Relative Ease of Use (for both the extortionist and the victim) • Remember instructions in the ransom email?  Ubiquity/Popularity as a payment method within the Community of Bad Guys  BTC can be easily transferred from one member of the community to another  Value in BTC can be dormant/stored for a considerable period of time, i.e. the value cannot be frozen or confiscated as long as it is in the Block Chain. 24
25 Bitcoin (n.): A revolutionary digital currency free of central banks, deposits, or stable concepts of ownership and value. The New Devil’s Dictionary
Paper Money  In US are issued by the US Central Bank in accordance with an economic policy.  When Alice wishes to give a coin to Bob (in return for some goods or services) Bob can examine the coin to ensure that it is valid (i.e., not counterfeit).  Double spending is not a concern because Alice cannot give the same (valid) coin/bill to two different parties.  Payer anonymity, payment unlinkability (no link between payer and payee), and untraceability are provided 26
Bitcoin (BTC)  An electronic cash scheme invented by Satoshi Nakamoto (a pseudonym) in 2008.  Bitcoin is decentralized, i.e., there is no “Bank” or a Central Authority (but there is a committee of 5-6 key developers who maintain the BTC system as Open Source Software)  Payer anonymity and payment untraceability are not primary goals of Bitcoin.  Anyone can use Bitcoin:  Download a wallet from bitcoin.org.  Obtain bitcoins by “mining” or from an exchange such as VirtEx, BTC China (and, until recently, MtGox). How can the creation of coins be regulated?  How does the recipient of a coin ensure it has not been previously spent? 27
Bitcoin  The first bitcoins were generated by Satoshi Nakamoto on Jan 3 2009.  The basic unit of bitcoin currency is 1 BTC. Each BTC can be divided into 100 million pieces, the smallest of which, i.e., 0.00000001 BTC, is called a “satoshi”.  Bitcoins can be generated (i.e., mined) in theory by anyone.  They are generated at the rate of R BTC every 10 minutes (approximately).  Initially, R = 50.  On Nov 28 2012, R was lowered to 25.  R will be halved over time (every 212 K transaction or roughly 4 years), until the year 2140, when a total of 21 million BTC will have been generated. This is a hardcoded limit. No BTC inflation!  By March 2014, 12.1 million BTC had been generated. 28
Value of BTC • The dollar value of 1 BTC has fluctuated widely: (seecoinbase.com/charts) May 22 2010: $0.0025 Jan 1 2013: $13.30 Jul 17 2010: $0.08 Apr 9 2013: $223.10 Jan 1 2011: $0.30 Jul 6 2013: $69.31 Feb 9 2011: $1.00 Oct 31 2013: $127.25 Jun 8 2011: $31.91 Nov 30 2013: $1126.82 Jan 2 2012: $ 5.22 Jan 1 2014: $747.56 Jul 1 2012: $ 6.63 Mar 23 2014: $563.27 • Apr 20 2015: 1 BTC = $230 29
Organization of Bitcoin (basic elements)  Transaction: The transferring of a coin from one user to another. All transactions are public and are broadcast to all users.  Peer-to-peer network: The users of Bitcoin are organized in a peer-to-peer network.  Blocks: Every 10 minutes or so, the latest transactions are verified and collected into a block. This block is hashed and (cryptographically) linked with other blocks. The block is broadcast to the entire peer-to-peer network. 30
Organization of Bitcoin (basic elements)  Block chain: The list of blocks is called the Block Chain. It contains a record of all past transactions.  Mining: The process of verifying transactions and compiling a block is called mining. A successful miner receives a reward (new BTCs plus transaction fees).  Proof-of-work: To successfully compile a block and receive a reward, the miner has to solve a cryptographic challenge (requiring a very significant amount of computing power). 31
Block Chain Address of the previous block H( ) is the Digest of the previous block Head of the Chain Address and Digest of the Last Block 32
Properties of the Block chain  Block chain is a data structure (a linked list) that allows to append data onto the last existing block.  H ( ) is a hash function, in the case of the Bitcoin H( ) is SHA256  Block chain provides tamper-evident log of data stored in the Block chain  Any attempt to modify data in any of the previous blocks is easily detectable because the Head of the Chain is securely stored (at multiple locations) 33
Digital Signatures 34
Key pairs and Identities in Bitcoin  Each user selects randomly generated number a and using it computes another number A. This is done by the wallet software.  The user’s private key is a; the user’s public key is A. In Bitcoin, a user’s public key A is used to identify the user.  A user can (and frequently does) select a different key pair for each transaction. Thus, identity of the user can change with each transaction. (Remember extortion emails?)  If a user loses its private key all Bitcoins associated with this key are lost forever 35
Transaction  A transaction is the transfer of a coin (of any value) from one user to another user.  Suppose that Alice has a coin, say of value 1 BTC.  The transaction in which Alice obtained this bitcoin is represented by TXA.  Suppose Alice wishes to give this coin to Bob.  The transaction of 1 BTC is represented as follows: TAB = {TXA, A, B, 1 BTC}A, where {M}A denotes a message M and its signature with respect to the public key A (in other words the message is signed with Alice’s public key).  This transaction is broadcast to the entire peer-to-peer BTC network.  Transaction TAB is identified by its SHA-256 bit hash value.  Note: The transaction contains both Alice’s and Bob’s public keys, but not their names or any other identities. These keys are used to verify that transaction was initiated by Alice. 36
Chain of Transactions 37
First Bitcoins 38
39
Mining  Incentive: The block creator is awarded R BTC (currently, R = 25) besides transaction fees.  Users form mining pools and share an award.  Work factor: The target t (for the proof-of- work) is updated every 2016 blocks (2 weeks) to ensure that the average time it takes to generate a block is about 10 minutes.  Currently, the bitcoin network is generating hashes at the rate of approximately 254 per second. The hash difficulty is approximately t = 63.  A PC can do approximately 223 hashes per second. So, one PC will take about 35,000 years to generate a block. 40
Block Chain Mechanism  Users will accept a block if all the transactions in it are valid, and if the coins have not been previously spent.  Users show their acceptance of the block by using its hash value (digest) as the “previous hash” for the next block, thereby growing the block chain.  The block chain serves as a public ledger that records all transactions. 41
Security notes Bitcoin is “secure” as long as honest users collectively control more CPU power than any cooperating (colluding) group of users.  Since all transactions are public, payer anonymity and payment untraceability can not be guaranteed. 42
BTC anonymity, unlinkability, traceability…  There is fundamental and inherent conflict between decentralization and anonymity. For most users decentralization seems to be more important than anonymity.  How hard is to link different addresses of the same user?  How hard is to link different transactions of the same user?  How hard is to link sender of payment to its recipient?  Crypto currencies privacy (anonymity) properties are generally much weaker than those in traditional centralized banking system because anybody can examine Block chain of all transactions.  Bitcoin allows for multiple “side channels” that leaks data and for data mining techniques (e.g. Transaction Graph Analysis) to establish links.  There are several new proposals how to fix BTC anonymity issues for good using zero-knowledge protocols (e.g. Zerocoin, Zerocash). They all have some implementations challenges, but if realized, these protocols will be able to achieve real anonymity thus creating significant advantages for bad guys and significant headaches for the law enforcement agencies. 43
Extensibility and Limitations  Block chain data structure and distributed peer-to- peer consensus mechanism have potentially many applications, even outside finance (e.g. IoT). Bitcoin as it is operating now has several niche applications (e.g. international contractors and extortionists) and have some severe limitations and shortcomings:  “Bitcoin will start to malfunction early next year. Transactions will become increasingly delayed, and the system of money now worth $3.3 billion will begin to die as its flakiness drives people away, so says Gavin Andresen, who in 2010 was designated chief caretaker of the code that powers Bitcoin by its shadowy creator”. Andresen’s gloomy prediction stems from the fact that Bitcoin can’t process more than seven transactions a second” (e.g. compared for about 20,000 for Visa)  45% of exchanges are closed due to various failures or fraud issues.  Wall Street made $30 M investment into Chain Inc. to develop Block chain technology for financial applications aiming to reduce complexity and cost of existing system. Investors include Visa, Capital One, Goldman Saks, Fiserv and Orange. 44
45
Conclusion  Bitcoin opened a large and fast developing areas for research as well as several practical applications and generated considerable interest from computer scientists, economists, business people, lawyers, governments and non ethical hacking community (the bad guys).  Bitcoin is most certainly a testament to human ingenuity, its implementation integrates a number of known and ingenious ideas with new creative and elegant computational techniques.  Practice seems to be ahead of the theory. No one knows whether Bitcoin is stable and going to survive or it will experience a major setback or a shock and be folded (following Digi Cash and number of other cryptocurrencies into a graveyard).  Given amount of investment and interest that BTC has generated so far it is likely that BTC concepts and implementation techniques will produce important and far-reaching implications in many areas of society and economy.  Regulation  Stay tuned!  Note: This presentation contains materials from many web sources, including Princeton University Course “Bitcoin and Cryptocurrencies Technology”, Akamai and personal communications and materials from Prof. A. Menezes of the University of Waterloo in Canada. These materials are gratefully acknowledged. 46
Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Panelists William P. Shea Deputy Commissioner of Emergency Services & Public Protection, The State of Connecticut Leon Pintsov CEO, SignitSure Timothy Ronan Attorney, Pullman & Comley, LLC Moderator: Patricia Fisher President & CEO, JANUS ASSOCIATES; Board Member, CTC; Chair, CTC Cybersecurity Task Force Joseph Coray Vice President, Technology & Life Science Practice, The Hartford
CONNECTICUT TECHNOLOGY COUNCIL Cybersecurity Extortion and Fraud Tim Ronan September 30, 2015
Ransomware Screenshots -- CryptoLocker © 2015 Pullman & Comley LLC49
“Choose a convenient payment method” 1 BTC © 2015 Pullman & Comley LLC50
CryptoLocker –USD MoneyPak® payment © 2015 Pullman & Comley LLC51
FBI Ransomware -- Complete with handcuffs © 2015 Pullman & Comley LLC52
DOJ Ransomware – It’s a “fine,” not a ransom. © 2015 Pullman & Comley LLC53
DOJ-Homeland- FBI Ransomware © 2015 Pullman & Comley LLC54
FBI-DOJ-Homeland Ransomware Pay just a $300 “fine” for the key and to close your case. © 2015 Pullman & Comley LLC55
TeslaCrypt – Shocker: They’ve even co-opted Nikola’s name. © 2015 Pullman & Comley LLC56
The clock is always ticking… © 2015 Pullman & Comley LLC57
 … so what do you do? © 2015 Pullman & Comley LLC58
BRIDGEPORT | HARTFORD | STAMFORD | WATERBURY | WHITE PLAINS www.pullcom.com These slides are intended for educational and informational purposes only. Readers are advised to seek appropriate professional consultation before acting on any matters in this update. These slides may be considered attorney advertising. Prior results do not guarantee a similar outcome. These slides are intended for educational and informational purposes only. Readers are advised to seek appropriate professional consultation before acting on any matters in this update. These slides may be considered attorney advertising. Prior results do not guarantee a similar outcome.
Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Panelists William P. Shea Deputy Commissioner of Emergency Services & Public Protection, The State of Connecticut Leon Pintsov CEO, SignitSure Timothy Ronan Attorney, Pullman & Comley, LLC Moderator: Patricia Fisher President & CEO, JANUS ASSOCIATES; Board Member, CTC; Chair, CTC Cybersecurity Task Force Joseph Coray Vice President, Technology & Life Science Practice, The Hartford
Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Bruce Carlson President & CEO CT Technology Council Patricia Fisher President & CEO JANUS Associates, Inc. Nancy Hancock Partner Pullman and Comley LLC Richard Harris Partner Day Pitney LLP Rick Huebner President & CEO Visual Technologies, Inc. Lyle Liberman COO JANUS Associates, Inc. Andy McCarthy VP of Engineering & Technical Ops, Western NE Region Comcast Suzanne Novak Owner/President ERUdyne. LLC Dr. Leon Pintsov CEO SignitSure Inc. Paige Rasid COO CT Technology Council Ray Umerley Vice President Chief Data Protection Officer, Pitney Bowes Ron Vernier SVP and CIO Hartford Steam Boiler C y b e r s e c u r i t y Ta s k F o rc e
Click to edit Master title style 9/30/2015 62 Cybersecurity Extortion & Fraud Goodwin College September 30, 2015 Sponsored by:

Recomendados

Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceStatewide Insurance Brokers
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics Chris Stallard
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability RiskChristopher Rieser
 
CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!topseowebmaster
 

Recomendados

Cyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceCyber Insurance, A Novel of 2017, Q1. By Statewide Insurance
Cyber Insurance, A Novel of 2017, Q1. By Statewide InsuranceStatewide Insurance Brokers
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics Chris Stallard
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability RiskChristopher Rieser
 
CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!topseowebmaster
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Graeme Cross
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Cyber liaility insurance the basics
Cyber liaility insurance the basicsCyber liaility insurance the basics
Cyber liaility insurance the basicsChandrasekar Koushik ACII®
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber InsuranceJohn Ryan
 
The CPAs Guide to Buying Cyber Insurance
The CPAs Guide to Buying Cyber InsuranceThe CPAs Guide to Buying Cyber Insurance
The CPAs Guide to Buying Cyber InsuranceJoseph Brunsman
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityAlistair Blake
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015Robert Craig
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 febmharbpavia
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Paul Ferrillo
 
Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)NAFCU Services Corporation
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportDivya Kothari
 
Cybersecurity Seminar Series - March 30
Cybersecurity Seminar Series - March 30Cybersecurity Seminar Series - March 30
Cybersecurity Seminar Series - March 30Paige Rasid
 
Life Cycle of a Data Breach - Cybersecurity Seminar Series
Life Cycle of a Data Breach - Cybersecurity Seminar SeriesLife Cycle of a Data Breach - Cybersecurity Seminar Series
Life Cycle of a Data Breach - Cybersecurity Seminar SeriesPaige Rasid
 
September 2014 | Social Media and Mobile Tech
September 2014 | Social Media and Mobile Tech September 2014 | Social Media and Mobile Tech
September 2014 | Social Media and Mobile Tech Paige Rasid
 

Mais conteúdo relacionado

Mais procurados

Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Graeme Cross
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber InsuranceJohn Ryan
 
The CPAs Guide to Buying Cyber Insurance
The CPAs Guide to Buying Cyber InsuranceThe CPAs Guide to Buying Cyber Insurance
The CPAs Guide to Buying Cyber InsuranceJoseph Brunsman
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityAlistair Blake
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015Robert Craig
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 febmharbpavia
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Paul Ferrillo
 
Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)NAFCU Services Corporation
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportDivya Kothari
 

Mais procurados (19)

Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Cyber liaility insurance the basics
Cyber liaility insurance the basicsCyber liaility insurance the basics
Cyber liaility insurance the basics
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber Insurance
 
The CPAs Guide to Buying Cyber Insurance
The CPAs Guide to Buying Cyber InsuranceThe CPAs Guide to Buying Cyber Insurance
The CPAs Guide to Buying Cyber Insurance
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
 
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
U session 9 cyber risk-insurance conf_marcus_evans_rj_craig_15jan2015
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 feb
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policies
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014
 
Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)Data Breaches Preparedness (Credit Union Conference Session)
Data Breaches Preparedness (Credit Union Conference Session)
 
JPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment ReportJPMorgan Chase & Co. -Risk Assessment Report
JPMorgan Chase & Co. -Risk Assessment Report
 

Destaque

Cybersecurity Seminar Series - March 30
Cybersecurity Seminar Series - March 30Cybersecurity Seminar Series - March 30
Cybersecurity Seminar Series - March 30Paige Rasid
 
Life Cycle of a Data Breach - Cybersecurity Seminar Series
Life Cycle of a Data Breach - Cybersecurity Seminar SeriesLife Cycle of a Data Breach - Cybersecurity Seminar Series
Life Cycle of a Data Breach - Cybersecurity Seminar SeriesPaige Rasid
 
September 2014 | Social Media and Mobile Tech
September 2014 | Social Media and Mobile Tech September 2014 | Social Media and Mobile Tech
September 2014 | Social Media and Mobile Tech Paige Rasid
 
Gerrit Mets, Cyber Insurance Expert, on corporate cyber risks
Gerrit Mets, Cyber Insurance Expert, on corporate cyber risksGerrit Mets, Cyber Insurance Expert, on corporate cyber risks
Gerrit Mets, Cyber Insurance Expert, on corporate cyber risksVanbreda Risk & Benefits
 
Safety, Sanctuary and Security
Safety, Sanctuary and SecuritySafety, Sanctuary and Security
Safety, Sanctuary and SecurityPaige Rasid
 
2015 Marcum Tech Top 40 Awards
2015 Marcum Tech Top 40 Awards 2015 Marcum Tech Top 40 Awards
2015 Marcum Tech Top 40 Awards Paige Rasid
 
Marcum TT40 Presentation 2014
Marcum TT40 Presentation 2014Marcum TT40 Presentation 2014
Marcum TT40 Presentation 2014Paige Rasid
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
Impact of IT on the healthcare industry
Impact of IT on the healthcare industryImpact of IT on the healthcare industry
Impact of IT on the healthcare industryPaige Rasid
 
CVG - Medical Devices 2015
CVG - Medical Devices 2015CVG - Medical Devices 2015
CVG - Medical Devices 2015Paige Rasid
 
Manufacturing Value, A CVG Second Thursday Event, 10/10/13
Manufacturing Value, A CVG Second Thursday Event, 10/10/13Manufacturing Value, A CVG Second Thursday Event, 10/10/13
Manufacturing Value, A CVG Second Thursday Event, 10/10/13Paige Rasid
 
IT summit 2014-program
IT summit 2014-programIT summit 2014-program
IT summit 2014-programPaige Rasid
 
Panda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malwarePanda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malwarePanda Security
 
Keeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor ManagementKeeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor ManagementPaige Rasid
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesPaige Rasid
 
BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...
BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...
BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...Abdulkadir Sugal
 

Destaque (20)

Cybersecurity Seminar Series - March 30
Cybersecurity Seminar Series - March 30Cybersecurity Seminar Series - March 30
Cybersecurity Seminar Series - March 30
 
Life Cycle of a Data Breach - Cybersecurity Seminar Series
Life Cycle of a Data Breach - Cybersecurity Seminar SeriesLife Cycle of a Data Breach - Cybersecurity Seminar Series
Life Cycle of a Data Breach - Cybersecurity Seminar Series
 
September 2014 | Social Media and Mobile Tech
September 2014 | Social Media and Mobile Tech September 2014 | Social Media and Mobile Tech
September 2014 | Social Media and Mobile Tech
 
Gerrit Mets, Cyber Insurance Expert, on corporate cyber risks
Gerrit Mets, Cyber Insurance Expert, on corporate cyber risksGerrit Mets, Cyber Insurance Expert, on corporate cyber risks
Gerrit Mets, Cyber Insurance Expert, on corporate cyber risks
 
Plep inteligencia humana
Plep inteligencia humanaPlep inteligencia humana
Plep inteligencia humana
 
Safety, Sanctuary and Security
Safety, Sanctuary and SecuritySafety, Sanctuary and Security
Safety, Sanctuary and Security
 
2015 Marcum Tech Top 40 Awards
2015 Marcum Tech Top 40 Awards 2015 Marcum Tech Top 40 Awards
2015 Marcum Tech Top 40 Awards
 
Marcum TT40 Presentation 2014
Marcum TT40 Presentation 2014Marcum TT40 Presentation 2014
Marcum TT40 Presentation 2014
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion Guide
 
Impact of IT on the healthcare industry
Impact of IT on the healthcare industryImpact of IT on the healthcare industry
Impact of IT on the healthcare industry
 
CVG - Medical Devices 2015
CVG - Medical Devices 2015CVG - Medical Devices 2015
CVG - Medical Devices 2015
 
Splice Closures - Fibre Optic Closures - 3M BPEO
Splice Closures - Fibre Optic Closures - 3M BPEOSplice Closures - Fibre Optic Closures - 3M BPEO
Splice Closures - Fibre Optic Closures - 3M BPEO
 
Manufacturing Value, A CVG Second Thursday Event, 10/10/13
Manufacturing Value, A CVG Second Thursday Event, 10/10/13Manufacturing Value, A CVG Second Thursday Event, 10/10/13
Manufacturing Value, A CVG Second Thursday Event, 10/10/13
 
IT summit 2014-program
IT summit 2014-programIT summit 2014-program
IT summit 2014-program
 
Panda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malwarePanda Adaptive Defense - The evolution of malware
Panda Adaptive Defense - The evolution of malware
 
Keeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor ManagementKeeping Control: Data Security and Vendor Management
Keeping Control: Data Security and Vendor Management
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass Houses
 
Risk factor
Risk factorRisk factor
Risk factor
 
The Dark Net
The Dark NetThe Dark Net
The Dark Net
 
BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...
BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...
BUSNIESS AND INDUSTRIAL PRACTICES: !) COMPETITION IN BUSINESS !!)BRIBERY AND...
 

Semelhante a CS3: Cybersecurity Extortion & Fraud

Regtech in the era of intermediaries
Regtech in the era of intermediariesRegtech in the era of intermediaries
Regtech in the era of intermediariesTim Swanson
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
How to Make Bitcoin a Better Currency
How to Make Bitcoin a Better CurrencyHow to Make Bitcoin a Better Currency
How to Make Bitcoin a Better CurrencyQutomatic
 
Fish Lined Paper For Letter Writing Printable Stationar
Fish Lined Paper For Letter Writing Printable StationarFish Lined Paper For Letter Writing Printable Stationar
Fish Lined Paper For Letter Writing Printable StationarJennifer Cruz
 
Anonymous CBDC? No thanks.
Anonymous CBDC? No thanks.Anonymous CBDC? No thanks.
Anonymous CBDC? No thanks.David Birch
 
Bitter to Better — How to Make Bitcoin a Better Currency.
Bitter to Better — How to Make Bitcoin a Better Currency.Bitter to Better — How to Make Bitcoin a Better Currency.
Bitter to Better — How to Make Bitcoin a Better Currency.Qutomatic
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingIJSRED
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudInternet Law Center
 
Etude PwC sur le Bitcoin (fév. 2014)
Etude PwC sur le Bitcoin (fév. 2014)Etude PwC sur le Bitcoin (fév. 2014)
Etude PwC sur le Bitcoin (fév. 2014)PwC France
 
Bitcoin payments innovation by pervees faisal islam
Bitcoin payments innovation by pervees faisal islam Bitcoin payments innovation by pervees faisal islam
Bitcoin payments innovation by pervees faisal islam Faisal Islam
 
High School Life Vs. College Life Compare And Contra
High School Life Vs. College Life Compare And ContraHigh School Life Vs. College Life Compare And Contra
High School Life Vs. College Life Compare And ContraErika Nelson
 
Payment Week - Andrew Barnes, Managing Director___Cashstar
Payment Week - Andrew Barnes, Managing Director___CashstarPayment Week - Andrew Barnes, Managing Director___Cashstar
Payment Week - Andrew Barnes, Managing Director___CashstarAndrew Barnes
 
Ddos extortion campaigns
Ddos extortion campaignsDdos extortion campaigns
Ddos extortion campaignsRoel Palmaers
 
DDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt TechnologiesDDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt TechnologiesMazeBolt Technologies
 
Blockchain 50 companies
Blockchain 50 companiesBlockchain 50 companies
Blockchain 50 companiesmakipei
 

Semelhante a CS3: Cybersecurity Extortion & Fraud (20)

Regtech in the era of intermediaries
Regtech in the era of intermediariesRegtech in the era of intermediaries
Regtech in the era of intermediaries
 
Hacking back in self defense
Hacking back in self defenseHacking back in self defense
Hacking back in self defense
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
What is cyber fraud?
What is cyber fraud?What is cyber fraud?
What is cyber fraud?
 
How to Make Bitcoin a Better Currency
How to Make Bitcoin a Better CurrencyHow to Make Bitcoin a Better Currency
How to Make Bitcoin a Better Currency
 
20160316_tbk_bit_module7
20160316_tbk_bit_module720160316_tbk_bit_module7
20160316_tbk_bit_module7
 
Fish Lined Paper For Letter Writing Printable Stationar
Fish Lined Paper For Letter Writing Printable StationarFish Lined Paper For Letter Writing Printable Stationar
Fish Lined Paper For Letter Writing Printable Stationar
 
Anonymous CBDC? No thanks.
Anonymous CBDC? No thanks.Anonymous CBDC? No thanks.
Anonymous CBDC? No thanks.
 
Bitter to Better — How to Make Bitcoin a Better Currency.
Bitter to Better — How to Make Bitcoin a Better Currency.Bitter to Better — How to Make Bitcoin a Better Currency.
Bitter to Better — How to Make Bitcoin a Better Currency.
 
State of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in BankingState of Cyber Crime Safety and Security in Banking
State of Cyber Crime Safety and Security in Banking
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
 
Etude PwC sur le Bitcoin (fév. 2014)
Etude PwC sur le Bitcoin (fév. 2014)Etude PwC sur le Bitcoin (fév. 2014)
Etude PwC sur le Bitcoin (fév. 2014)
 
Bitcoin payments innovation by pervees faisal islam
Bitcoin payments innovation by pervees faisal islam Bitcoin payments innovation by pervees faisal islam
Bitcoin payments innovation by pervees faisal islam
 
High School Life Vs. College Life Compare And Contra
High School Life Vs. College Life Compare And ContraHigh School Life Vs. College Life Compare And Contra
High School Life Vs. College Life Compare And Contra
 
Payment Week - Andrew Barnes, Managing Director___Cashstar
Payment Week - Andrew Barnes, Managing Director___CashstarPayment Week - Andrew Barnes, Managing Director___Cashstar
Payment Week - Andrew Barnes, Managing Director___Cashstar
 
Ddos extortion campaigns
Ddos extortion campaignsDdos extortion campaigns
Ddos extortion campaigns
 
DDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt TechnologiesDDoS Protection For Top 4 Industries | MazeBolt Technologies
DDoS Protection For Top 4 Industries | MazeBolt Technologies
 
ihegc012
ihegc012ihegc012
ihegc012
 
Blockchain 50 companies
Blockchain 50 companiesBlockchain 50 companies
Blockchain 50 companies
 

Mais de Paige Rasid

Women Of Innovation® 2016 Honoree Bios & Event Program
Women Of Innovation® 2016 Honoree Bios & Event ProgramWomen Of Innovation® 2016 Honoree Bios & Event Program
Women Of Innovation® 2016 Honoree Bios & Event ProgramPaige Rasid
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee TrainingPaige Rasid
 
2015 Marcum TT40 Program
2015 Marcum TT40 Program2015 Marcum TT40 Program
2015 Marcum TT40 ProgramPaige Rasid
 
Social Media & Mobile Tech - CVG Entrepreneur and Investor Event
Social Media & Mobile Tech - CVG Entrepreneur and Investor EventSocial Media & Mobile Tech - CVG Entrepreneur and Investor Event
Social Media & Mobile Tech - CVG Entrepreneur and Investor EventPaige Rasid
 
Women of Innovation 2015 Program
Women of Innovation 2015 ProgramWomen of Innovation 2015 Program
Women of Innovation 2015 ProgramPaige Rasid
 
Public Policy Agenda
Public Policy AgendaPublic Policy Agenda
Public Policy AgendaPaige Rasid
 
2014 Innovation Summit Program
2014 Innovation Summit Program2014 Innovation Summit Program
2014 Innovation Summit ProgramPaige Rasid
 
Marcum Tech Top 40 Program 2014
Marcum Tech Top 40 Program 2014Marcum Tech Top 40 Program 2014
Marcum Tech Top 40 Program 2014Paige Rasid
 
Q2 2014 shaking the money tree
Q2 2014 shaking the money treeQ2 2014 shaking the money tree
Q2 2014 shaking the money treePaige Rasid
 
CVG - Education Technology Software - Second Thursday Event - July 2014
CVG - Education Technology Software - Second Thursday Event - July 2014 CVG - Education Technology Software - Second Thursday Event - July 2014
CVG - Education Technology Software - Second Thursday Event - July 2014 Paige Rasid
 
2014 Women of Innovation(r) presented by the Connecticut Technology Council
2014 Women of Innovation(r) presented by the Connecticut Technology Council2014 Women of Innovation(r) presented by the Connecticut Technology Council
2014 Women of Innovation(r) presented by the Connecticut Technology CouncilPaige Rasid
 
Private Investment in CT, A CVG Second Thursday, 11/14/13
Private Investment in CT, A CVG Second Thursday, 11/14/13Private Investment in CT, A CVG Second Thursday, 11/14/13
Private Investment in CT, A CVG Second Thursday, 11/14/13Paige Rasid
 
The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13
The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13
The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13Paige Rasid
 
Grow with the Grove - A CVG Second Thursday Event, 7/11/13
Grow with the Grove - A CVG Second Thursday Event, 7/11/13 Grow with the Grove - A CVG Second Thursday Event, 7/11/13
Grow with the Grove - A CVG Second Thursday Event, 7/11/13Paige Rasid
 
Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13
Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13
Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13Paige Rasid
 
Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...
Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...
Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...Paige Rasid
 

Mais de Paige Rasid (16)

Women Of Innovation® 2016 Honoree Bios & Event Program
Women Of Innovation® 2016 Honoree Bios & Event ProgramWomen Of Innovation® 2016 Honoree Bios & Event Program
Women Of Innovation® 2016 Honoree Bios & Event Program
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
2015 Marcum TT40 Program
2015 Marcum TT40 Program2015 Marcum TT40 Program
2015 Marcum TT40 Program
 
Social Media & Mobile Tech - CVG Entrepreneur and Investor Event
Social Media & Mobile Tech - CVG Entrepreneur and Investor EventSocial Media & Mobile Tech - CVG Entrepreneur and Investor Event
Social Media & Mobile Tech - CVG Entrepreneur and Investor Event
 
Women of Innovation 2015 Program
Women of Innovation 2015 ProgramWomen of Innovation 2015 Program
Women of Innovation 2015 Program
 
Public Policy Agenda
Public Policy AgendaPublic Policy Agenda
Public Policy Agenda
 
2014 Innovation Summit Program
2014 Innovation Summit Program2014 Innovation Summit Program
2014 Innovation Summit Program
 
Marcum Tech Top 40 Program 2014
Marcum Tech Top 40 Program 2014Marcum Tech Top 40 Program 2014
Marcum Tech Top 40 Program 2014
 
Q2 2014 shaking the money tree
Q2 2014 shaking the money treeQ2 2014 shaking the money tree
Q2 2014 shaking the money tree
 
CVG - Education Technology Software - Second Thursday Event - July 2014
CVG - Education Technology Software - Second Thursday Event - July 2014 CVG - Education Technology Software - Second Thursday Event - July 2014
CVG - Education Technology Software - Second Thursday Event - July 2014
 
2014 Women of Innovation(r) presented by the Connecticut Technology Council
2014 Women of Innovation(r) presented by the Connecticut Technology Council2014 Women of Innovation(r) presented by the Connecticut Technology Council
2014 Women of Innovation(r) presented by the Connecticut Technology Council
 
Private Investment in CT, A CVG Second Thursday, 11/14/13
Private Investment in CT, A CVG Second Thursday, 11/14/13Private Investment in CT, A CVG Second Thursday, 11/14/13
Private Investment in CT, A CVG Second Thursday, 11/14/13
 
The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13
The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13
The Clean Tech Funding Roller Coaster - A CVG Second Thursday Event, 9/12/13
 
Grow with the Grove - A CVG Second Thursday Event, 7/11/13
Grow with the Grove - A CVG Second Thursday Event, 7/11/13 Grow with the Grove - A CVG Second Thursday Event, 7/11/13
Grow with the Grove - A CVG Second Thursday Event, 7/11/13
 
Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13
Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13
Mark G. Heesen, President, NVCA - A CVG Second Thursday Event, 6/13/13
 
Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...
Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...
Electronic Health Records (EHR) - A Look at the Industry and Its Future, A CV...
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

CS3: Cybersecurity Extortion & Fraud

  • 1. Click to edit Master title style 9/30/2015 1 Cybersecurity Extortion & Fraud Goodwin College September 30, 2015Sponsored by:
  • 2. Top Five Things You Can Do to Protect Your Clients and Your Business UCONN Stamford March 30, 2015 Presented by Bruce Carlson President & CEO Connecticut Technology Council Introduction
  • 3. Top Five Things You Can Do to Protect Your Clients and Your Business UCONN Stamford March 30, 2015 Presented by Mark Scheinberg President Goodwin College Welcome
  • 4. Top Five Things You Can Do to Protect Your Clients and Your Business UCONN Stamford March 30, 2015 Presented by Paul Savas Vice President Comcast Business Western New England Region Welcome
  • 5. Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: Martin McBride Presented by Keynote Speaker: William P. Shea Deputy Commissioner of Emergency Services & Public Protection, State of the CT To Discuss Cybersecurity Extortion and Fraud
  • 6. Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Patricia Fisher President & CEO, JANUS Associates Board Member, CTC Chair, CTC Cybersecurity Task Force Introduction of Panelists
  • 7. Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: Martin McBride Presented by Speaker: Leon A Pintsov CEO SignitSure To Discuss Bitcoin and its Security Challenges
  • 8. Bitcoin What is Bitcoin and how it is used in cyber extortion and fraud incidents? L. A Pintsov CTC Seminar on Cybersecurity September 30, 2015 8
  • 9. Outline  Cyber attacks, extortion and Bitcoin  Bitcoin - a little bit of mechanics  Properties of Bitcoin  Security and Privacy  Limitations  Future prospects  Conclusion 9
  • 13. How bad guys monetize their cyber exploits?  By selling attackers’ tools  By selling stolen data  By disabling victim’s internal IT system (e.g. via encryption of main and back-up business data bases rendering them useless unless a decryption is applied).  By disabling victim’s website for a significant period of time [e.g. by repeated Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks].  Last two attacks can be monetized only by extortion. “Ransoms vary in price and are usually demanded in Bitcoin”.  Note: The cost of attacks to bad guys are increasing and can be quite significant! Thus, we know of a few attacks that are done just to make a point (as it used to be the case with computer viruses sometime ago). 13
  • 14. July 31, 2015 Alert Number I-073115-PSA E-mail Extortion Campaigns Threatening Distributed Denial of Service Attacks The Internet Crime Complaint Center (IC3) recently received an increasing number of complaints from businesses reporting extortion campaigns via e-mail. In a typical complaint, the victim business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom. Ransoms vary in price and are usually demanded in Bitcoin. Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution. Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, Wordpress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit. Based on information received at the IC3, the FBI suspects multiple individuals are involved in these extortion campaigns. The attacks are likely to expand to online industries and other targeted sectors, especially those susceptible to suffering financial losses if taken offline. If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at http://www.ic3.gov/. Please provide any relevant information in your complaint, including the extortion e-mail with header information. Tips to protect yourself: •Do not open e-mail or attachments from unknown individuals. •Do not communicate with the subject. •If an attack occurs, utilize DDoS mitigation services. 14
  • 15. Akamai Report dated 9-9-2015  Akamai's Team is warning of increased activity by a group – known as DD4BC – that since 2014 has threatened to take down corporate networks with distributed denial-of-service (DDoS) attacks if a Bitcoin ransom is not paid. Akamai confirmed 141 attacks executed against 124 unique businesses between September 2014 and July 2015.  DD4BC started off small, only executing an average of nearly four DDoS extortion attacks per month from September 2014 to March. Activity started climbing in April with 16 attacks, peaked in June with 41 attacks, and tapered off a bit in July with 31 total attacks.  The organizations being targeted are in a variety of industries, including 58 percent in financial services, 12 percent in media and entertainment, nine percent in online gaming, six percent in retail and consumer goods, five percent in software and technology, and another five percent in internet and telecommunications.  “If a targeted organization pays the ransom, there is no reason to believe that the attackers will not return again, and often for a higher amount.” “Additionally, this could encourage other groups who may use the same name or in some way be associated with this group to threaten your organization and also send attack traffic. These types of attacks only work when the victims make it profitable for them. Not paying the ransom will often lessen the pervasiveness of these attacks.”  One of the group's latest tactics involves threatening to expose organizations via social media, the report mentioned. 15
  • 16. 16
  • 17. 17
  • 18. 18
  • 19. 19
  • 20. 20
  • 21. 21
  • 22. 22
  • 23. Results (from Akamai report)  The data suggests that the individuals involved in the DD4BC operations have received ransom payments from the DDoS threats.  Historically, targets of ransom demands are selected based on their anticipated reluctance to involve law enforcement.  DD4BC is expanding its targets to enterprise-level organizations. 23
  • 24. Why Bitcoin is a seemingly preferred payment extortion tool?  (Perceived) Anonymity /Unlinkability/Untraceability  Relative Ease of Use (for both the extortionist and the victim) • Remember instructions in the ransom email?  Ubiquity/Popularity as a payment method within the Community of Bad Guys  BTC can be easily transferred from one member of the community to another  Value in BTC can be dormant/stored for a considerable period of time, i.e. the value cannot be frozen or confiscated as long as it is in the Block Chain. 24
  • 25. 25 Bitcoin (n.): A revolutionary digital currency free of central banks, deposits, or stable concepts of ownership and value. The New Devil’s Dictionary
  • 26. Paper Money  In US are issued by the US Central Bank in accordance with an economic policy.  When Alice wishes to give a coin to Bob (in return for some goods or services) Bob can examine the coin to ensure that it is valid (i.e., not counterfeit).  Double spending is not a concern because Alice cannot give the same (valid) coin/bill to two different parties.  Payer anonymity, payment unlinkability (no link between payer and payee), and untraceability are provided 26
  • 27. Bitcoin (BTC)  An electronic cash scheme invented by Satoshi Nakamoto (a pseudonym) in 2008.  Bitcoin is decentralized, i.e., there is no “Bank” or a Central Authority (but there is a committee of 5-6 key developers who maintain the BTC system as Open Source Software)  Payer anonymity and payment untraceability are not primary goals of Bitcoin.  Anyone can use Bitcoin:  Download a wallet from bitcoin.org.  Obtain bitcoins by “mining” or from an exchange such as VirtEx, BTC China (and, until recently, MtGox). How can the creation of coins be regulated?  How does the recipient of a coin ensure it has not been previously spent? 27
  • 28. Bitcoin  The first bitcoins were generated by Satoshi Nakamoto on Jan 3 2009.  The basic unit of bitcoin currency is 1 BTC. Each BTC can be divided into 100 million pieces, the smallest of which, i.e., 0.00000001 BTC, is called a “satoshi”.  Bitcoins can be generated (i.e., mined) in theory by anyone.  They are generated at the rate of R BTC every 10 minutes (approximately).  Initially, R = 50.  On Nov 28 2012, R was lowered to 25.  R will be halved over time (every 212 K transaction or roughly 4 years), until the year 2140, when a total of 21 million BTC will have been generated. This is a hardcoded limit. No BTC inflation!  By March 2014, 12.1 million BTC had been generated. 28
  • 29. Value of BTC • The dollar value of 1 BTC has fluctuated widely: (seecoinbase.com/charts) May 22 2010: $0.0025 Jan 1 2013: $13.30 Jul 17 2010: $0.08 Apr 9 2013: $223.10 Jan 1 2011: $0.30 Jul 6 2013: $69.31 Feb 9 2011: $1.00 Oct 31 2013: $127.25 Jun 8 2011: $31.91 Nov 30 2013: $1126.82 Jan 2 2012: $ 5.22 Jan 1 2014: $747.56 Jul 1 2012: $ 6.63 Mar 23 2014: $563.27 • Apr 20 2015: 1 BTC = $230 29
  • 30. Organization of Bitcoin (basic elements)  Transaction: The transferring of a coin from one user to another. All transactions are public and are broadcast to all users.  Peer-to-peer network: The users of Bitcoin are organized in a peer-to-peer network.  Blocks: Every 10 minutes or so, the latest transactions are verified and collected into a block. This block is hashed and (cryptographically) linked with other blocks. The block is broadcast to the entire peer-to-peer network. 30
  • 31. Organization of Bitcoin (basic elements)  Block chain: The list of blocks is called the Block Chain. It contains a record of all past transactions.  Mining: The process of verifying transactions and compiling a block is called mining. A successful miner receives a reward (new BTCs plus transaction fees).  Proof-of-work: To successfully compile a block and receive a reward, the miner has to solve a cryptographic challenge (requiring a very significant amount of computing power). 31
  • 32. Block Chain Address of the previous block H( ) is the Digest of the previous block Head of the Chain Address and Digest of the Last Block 32
  • 33. Properties of the Block chain  Block chain is a data structure (a linked list) that allows to append data onto the last existing block.  H ( ) is a hash function, in the case of the Bitcoin H( ) is SHA256  Block chain provides tamper-evident log of data stored in the Block chain  Any attempt to modify data in any of the previous blocks is easily detectable because the Head of the Chain is securely stored (at multiple locations) 33
  • 35. Key pairs and Identities in Bitcoin  Each user selects randomly generated number a and using it computes another number A. This is done by the wallet software.  The user’s private key is a; the user’s public key is A. In Bitcoin, a user’s public key A is used to identify the user.  A user can (and frequently does) select a different key pair for each transaction. Thus, identity of the user can change with each transaction. (Remember extortion emails?)  If a user loses its private key all Bitcoins associated with this key are lost forever 35
  • 36. Transaction  A transaction is the transfer of a coin (of any value) from one user to another user.  Suppose that Alice has a coin, say of value 1 BTC.  The transaction in which Alice obtained this bitcoin is represented by TXA.  Suppose Alice wishes to give this coin to Bob.  The transaction of 1 BTC is represented as follows: TAB = {TXA, A, B, 1 BTC}A, where {M}A denotes a message M and its signature with respect to the public key A (in other words the message is signed with Alice’s public key).  This transaction is broadcast to the entire peer-to-peer BTC network.  Transaction TAB is identified by its SHA-256 bit hash value.  Note: The transaction contains both Alice’s and Bob’s public keys, but not their names or any other identities. These keys are used to verify that transaction was initiated by Alice. 36
  • 39. 39
  • 40. Mining  Incentive: The block creator is awarded R BTC (currently, R = 25) besides transaction fees.  Users form mining pools and share an award.  Work factor: The target t (for the proof-of- work) is updated every 2016 blocks (2 weeks) to ensure that the average time it takes to generate a block is about 10 minutes.  Currently, the bitcoin network is generating hashes at the rate of approximately 254 per second. The hash difficulty is approximately t = 63.  A PC can do approximately 223 hashes per second. So, one PC will take about 35,000 years to generate a block. 40
  • 41. Block Chain Mechanism  Users will accept a block if all the transactions in it are valid, and if the coins have not been previously spent.  Users show their acceptance of the block by using its hash value (digest) as the “previous hash” for the next block, thereby growing the block chain.  The block chain serves as a public ledger that records all transactions. 41
  • 42. Security notes Bitcoin is “secure” as long as honest users collectively control more CPU power than any cooperating (colluding) group of users.  Since all transactions are public, payer anonymity and payment untraceability can not be guaranteed. 42
  • 43. BTC anonymity, unlinkability, traceability…  There is fundamental and inherent conflict between decentralization and anonymity. For most users decentralization seems to be more important than anonymity.  How hard is to link different addresses of the same user?  How hard is to link different transactions of the same user?  How hard is to link sender of payment to its recipient?  Crypto currencies privacy (anonymity) properties are generally much weaker than those in traditional centralized banking system because anybody can examine Block chain of all transactions.  Bitcoin allows for multiple “side channels” that leaks data and for data mining techniques (e.g. Transaction Graph Analysis) to establish links.  There are several new proposals how to fix BTC anonymity issues for good using zero-knowledge protocols (e.g. Zerocoin, Zerocash). They all have some implementations challenges, but if realized, these protocols will be able to achieve real anonymity thus creating significant advantages for bad guys and significant headaches for the law enforcement agencies. 43
  • 44. Extensibility and Limitations  Block chain data structure and distributed peer-to- peer consensus mechanism have potentially many applications, even outside finance (e.g. IoT). Bitcoin as it is operating now has several niche applications (e.g. international contractors and extortionists) and have some severe limitations and shortcomings:  “Bitcoin will start to malfunction early next year. Transactions will become increasingly delayed, and the system of money now worth $3.3 billion will begin to die as its flakiness drives people away, so says Gavin Andresen, who in 2010 was designated chief caretaker of the code that powers Bitcoin by its shadowy creator”. Andresen’s gloomy prediction stems from the fact that Bitcoin can’t process more than seven transactions a second” (e.g. compared for about 20,000 for Visa)  45% of exchanges are closed due to various failures or fraud issues.  Wall Street made $30 M investment into Chain Inc. to develop Block chain technology for financial applications aiming to reduce complexity and cost of existing system. Investors include Visa, Capital One, Goldman Saks, Fiserv and Orange. 44
  • 45. 45
  • 46. Conclusion  Bitcoin opened a large and fast developing areas for research as well as several practical applications and generated considerable interest from computer scientists, economists, business people, lawyers, governments and non ethical hacking community (the bad guys).  Bitcoin is most certainly a testament to human ingenuity, its implementation integrates a number of known and ingenious ideas with new creative and elegant computational techniques.  Practice seems to be ahead of the theory. No one knows whether Bitcoin is stable and going to survive or it will experience a major setback or a shock and be folded (following Digi Cash and number of other cryptocurrencies into a graveyard).  Given amount of investment and interest that BTC has generated so far it is likely that BTC concepts and implementation techniques will produce important and far-reaching implications in many areas of society and economy.  Regulation  Stay tuned!  Note: This presentation contains materials from many web sources, including Princeton University Course “Bitcoin and Cryptocurrencies Technology”, Akamai and personal communications and materials from Prof. A. Menezes of the University of Waterloo in Canada. These materials are gratefully acknowledged. 46
  • 47. Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Panelists William P. Shea Deputy Commissioner of Emergency Services & Public Protection, The State of Connecticut Leon Pintsov CEO, SignitSure Timothy Ronan Attorney, Pullman & Comley, LLC Moderator: Patricia Fisher President & CEO, JANUS ASSOCIATES; Board Member, CTC; Chair, CTC Cybersecurity Task Force Joseph Coray Vice President, Technology & Life Science Practice, The Hartford
  • 49. Ransomware Screenshots -- CryptoLocker © 2015 Pullman & Comley LLC49
  • 50. “Choose a convenient payment method” 1 BTC © 2015 Pullman & Comley LLC50
  • 51. CryptoLocker –USD MoneyPak® payment © 2015 Pullman & Comley LLC51
  • 52. FBI Ransomware -- Complete with handcuffs © 2015 Pullman & Comley LLC52
  • 53. DOJ Ransomware – It’s a “fine,” not a ransom. © 2015 Pullman & Comley LLC53
  • 54. DOJ-Homeland- FBI Ransomware © 2015 Pullman & Comley LLC54
  • 55. FBI-DOJ-Homeland Ransomware Pay just a $300 “fine” for the key and to close your case. © 2015 Pullman & Comley LLC55
  • 56. TeslaCrypt – Shocker: They’ve even co-opted Nikola’s name. © 2015 Pullman & Comley LLC56
  • 57. The clock is always ticking… © 2015 Pullman & Comley LLC57
  • 58.  … so what do you do? © 2015 Pullman & Comley LLC58
  • 59. BRIDGEPORT | HARTFORD | STAMFORD | WATERBURY | WHITE PLAINS www.pullcom.com These slides are intended for educational and informational purposes only. Readers are advised to seek appropriate professional consultation before acting on any matters in this update. These slides may be considered attorney advertising. Prior results do not guarantee a similar outcome. These slides are intended for educational and informational purposes only. Readers are advised to seek appropriate professional consultation before acting on any matters in this update. These slides may be considered attorney advertising. Prior results do not guarantee a similar outcome.
  • 60. Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Panelists William P. Shea Deputy Commissioner of Emergency Services & Public Protection, The State of Connecticut Leon Pintsov CEO, SignitSure Timothy Ronan Attorney, Pullman & Comley, LLC Moderator: Patricia Fisher President & CEO, JANUS ASSOCIATES; Board Member, CTC; Chair, CTC Cybersecurity Task Force Joseph Coray Vice President, Technology & Life Science Practice, The Hartford
  • 61. Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: P re s e n t e d b y Bruce Carlson President & CEO CT Technology Council Patricia Fisher President & CEO JANUS Associates, Inc. Nancy Hancock Partner Pullman and Comley LLC Richard Harris Partner Day Pitney LLP Rick Huebner President & CEO Visual Technologies, Inc. Lyle Liberman COO JANUS Associates, Inc. Andy McCarthy VP of Engineering & Technical Ops, Western NE Region Comcast Suzanne Novak Owner/President ERUdyne. LLC Dr. Leon Pintsov CEO SignitSure Inc. Paige Rasid COO CT Technology Council Ray Umerley Vice President Chief Data Protection Officer, Pitney Bowes Ron Vernier SVP and CIO Hartford Steam Boiler C y b e r s e c u r i t y Ta s k F o rc e
  • 62. Click to edit Master title style 9/30/2015 62 Cybersecurity Extortion & Fraud Goodwin College September 30, 2015 Sponsored by: