Visual Hacking
Bradley W. Deacon
Session Speaker
Bradley W Deacon
Bradley is a former Federal Agent and was one of the first members of the
Australian Federal Police Computer Crime Unit Sydney where in 1995 his
team was successful in having the first jail sentence imposed on a computer
hacker.
Bradley is a qualified non-practising lawyer focussing on cyber-related law,
with degrees in criminal justice, law, and postgraduate studies in
Criminology and Law. Additionally Bradley has a Postgraduate Certificate in
Distance Ed specialising in Digital Delivery from Penn State University.
Bradley also has a Masters in National Security with his thesis centred
around digital technology: “Evolving Digital Technology Terrorist Financing
& The Threat To U.S National Security”
As a cyber bullying and stalking advocate, Bradley was approached by
VCAT in 2014 to design and facilitate delivery of a social media awareness
package in 2015 for Victorian Court Staff and the Judiciary and was recently
a keynote speaker at the Say No 2 Bullying Conference on the Gold Coast.
Bradley lectures at several Australian universities and colleges in a variety
of cyber-related law units and justice units and is about to undertake a PhD
in Social Media by ‘publication’.
Session Outline
Learning Outcomes
• Background to visual hacking (shoulder surfing)
• Types of visual hacking
• Corporate espionage
• Internal office visual control mechanisms to minimize
visual hacking
• External visual control mechanisms to minimize visual
hacking
Visual Hacking-Shoulder Surfing
Telephone Calling Cards, Early 1990s
● Cards linked back to home/business phone account
● When away from home/business, key in card # and
PIN #
● Calls billed to home/business account
● Option to key it in from phone or call an operator
and pass on card details and PIN #
● Several vulnerabilities resulted from such practice
Visual Hacking-Shoulder Surfing
Vulnerabilities
● Travellers would use pay phones at bus terminals,
airports, railway stations, shopping centres,
casinos, hotel lobbies
● Criminal gangs would hover around such pay phone
locations and pretend to be on an adjoining phone
● Victim would call the operator and pass on the card
details, which the ‘shoulder surfer’ would note down,
or the surfer would film the details being entered;
at this point the card is compromised
Visual Hacking-Shoulder Surfing
Black Market For Card Details
● Calling card access details very attractive on black
market
● Compromised card holder usually only received a
phone bill once a month
● Depending on the billing cycle, a card could be ‘live’
for up to 30 days or more
● Shoulder surfer would on-sell the card details for as
low as $20
● Sold usually at locations where card can be
demonstrated to work
Visual Hacking-Shoulder Surfing
Cost of Compromise
● Usually the person who bought the card details would
also on-sell the card for a profit, hundreds of times
● The domino effect of such a compromise amounted
to phone bills for hundreds of thousands and even
millions of dollars being delivered to the card owner
● Simultaneous calls were made to all corners of the
globe at a time when international calls were
anywhere between $2 per minute and $8 per
minute
Visual Hacking-Shoulder Surfing
Lack of Safeguards In Place By Phone Company
● One card was connected at hundreds of locations
simultaneously, and phone companies failed to
have safeguards in place to detect such activity
● As a result of the scenario shown in the infographic
on the next slide, a recommendation report was put
forward to the phone companies to implement
security safeguards to detect simultaneous use of
one card
History & A Case Study Of Visual Hacking
Visual Hacking-Shoulder Surfing
A Simple Solution That Eliminated The Issue
● Safeguards implemented by the phone companies
were not expensive to roll out
● Provided a barrier that prevented a card from being
used simultaneously
● Customer education was also a key component of
the phone companies’ strategy
● As a result of this proactive activity reducing fraud,
companies that were becoming more reliant on
computers in the early 90s started to look at
security as a front-of-mind process
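The safeguard described in the two slides above (detect, then block, simultaneous use of one card), sketched as an added example that is not part of the original slides. The record fields, card identifiers, locations and the one-call-at-a-time limit are assumptions, and the call records are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Call:
    card: str          # calling-card identifier (constructed sample value)
    location: str      # where the call was placed from
    start: datetime
    end: datetime


def peak_concurrency(calls):
    """Detection: sweep each card's call records in time order and return
    {card: highest number of calls connected at the same moment}."""
    events = defaultdict(list)
    for c in calls:
        events[c.card].append((c.start, 1))
        events[c.card].append((c.end, -1))
    peaks = {}
    for card, evs in events.items():
        # Sort by time; at equal timestamps hang-ups (-1) sort first, so a call
        # that starts exactly when another ends is not counted as an overlap.
        evs.sort(key=lambda e: (e[0], e[1]))
        active = peak = 0
        for _, delta in evs:
            active += delta
            peak = max(peak, active)
        peaks[card] = peak
    return peaks


def flag_shared_cards(calls, max_simultaneous=1):
    """Cards whose records show more simultaneous calls than one holder can make."""
    return sorted(card for card, peak in peak_concurrency(calls).items()
                  if peak > max_simultaneous)


class CardGate:
    """Prevention: refuse to connect a call while the same card is already in use."""

    def __init__(self, max_simultaneous=1):
        self.max_simultaneous = max_simultaneous
        self.active = defaultdict(int)   # card -> number of live calls
        self.rejected = []               # (card, location) attempts kept for fraud review

    def connect(self, card, location):
        if self.active[card] >= self.max_simultaneous:
            self.rejected.append((card, location))
            return False
        self.active[card] += 1
        return True

    def hang_up(self, card):
        self.active[card] = max(0, self.active[card] - 1)


def sample_calls():
    """Constructed records: CARD-A is used normally, CARD-B from three places at once."""
    t0 = datetime(1993, 3, 1, 9, 0)

    def at(minutes):
        return t0 + timedelta(minutes=minutes)

    return [
        Call("CARD-A", "airport", at(0), at(10)),
        Call("CARD-A", "hotel lobby", at(10), at(25)),     # back-to-back, no overlap
        Call("CARD-B", "railway station", at(0), at(40)),
        Call("CARD-B", "shopping centre", at(5), at(50)),
        Call("CARD-B", "casino", at(20), at(30)),
    ]


if __name__ == "__main__":
    calls = sample_calls()
    print("peak simultaneous calls per card:", peak_concurrency(calls))
    print("cards to investigate:", flag_shared_cards(calls))

    gate = CardGate()
    for c in sorted(calls, key=lambda c: c.start):
        verdict = "connected" if gate.connect(c.card, c.location) else "REJECTED"
        print(f"{c.start:%H:%M} {c.card} from {c.location}: {verdict}")
```

The first function works after the fact on billing records; the gate enforces the same limit at call setup, which shortens the exposure from a billing cycle to the first overlapping attempt.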
Visual Hacking 2016 Style
From the 1990s to 2016: Visual Hacking
● Shoulder surfing now has a more appropriate name
for the digital age
● ‘Visual Hacking’, which can be defined simply as
“obtaining or capturing sensitive
information for unauthorized use”
Visual Hacking-Shoulder Surfing
Examples of Visual Hacking
● Taking photos of documents left on a printer or
information displayed on a screen
● Memorising details seen on a screen or a desk
● Micro audio recording of details seen
● Simply writing down employee login information that
is taped to a computer monitor
● External visual hacking via telephoto lenses through
untinted windows
Visual Hacking-Shoulder Surfing
Visual Hackers Can Be
● Staff members
● Interns
● Contractors
● Clients
● Visitors
● Persons in adjoining buildings
Visual Hacking-Shoulder Surfing
Visual Hacking Experiment
● In the Visual Hacking Experiment, a study
conducted by Ponemon Institute and jointly
sponsored by 3M Company and the Visual Privacy
Advisory Council, white-hat hackers posing as
temporary or part-time workers were sent into the
offices of eight U.S.-based, participating companies.
Visual Hacking-Shoulder Surfing
Visual Hacking Experiment
● The hackers were able to visually hack sensitive
and confidential information from exposed
documents and computer screens.
● Able to visually hack information such as employee
access and login credentials, accounting
information and customer information in 88 percent
of attempts and were not stopped in 70 percent of
incidents.
● The following short video demonstrates the
experiment
Visual Hacking
Safeguards To Help Prevent Visual Hacking
● The best place to begin clamping down on visual
privacy threats is to perform a visual privacy audit
● The visual privacy audit will help you assess your
key-risk areas and evaluate existing security
measures that are in place
Visual Hacking
Visual Privacy Audit
• Does your organization have a visual privacy policy?
• Are shredders located near copiers, printers and desks
where confidential documents are regularly handled?
• Are computer screens angled away from high-traffic
areas and windows, and fitted with privacy filters?
• Do employees keep log-in and password information
posted at their workstations or elsewhere?
Visual Hacking-Shoulder Surfing
Visual Privacy Audit Continued
• Are employees leaving computer screens on or
documents out in the open when not at their desks?
• Do employees know to be mindful of who is on the
premises and what they are accessing,
photographing or viewing?
• Are there reporting mechanisms for suspicious
activities?
Visual Hacking-Shoulder Surfing
Key Points To Take Away
• Visual Hackers can be anyone who has access to your office
or is in close proximity
• Reception areas are very vulnerable to visual hacking
• What will clients/visitors think of your privacy safeguards if
they can openly see information?
• Make sure staff are aware of the phone card shoulder surfing
scenario and highlight to them that using laptops and smartphones
in crowded places leaves them open to visual hacking
• Simple safeguards and a visual privacy policy will help you
protect your business
Visual Hacking
Visual Hacking Hot Zone
Visual Hacking-Shoulder Surfing
Further Information & Sample Privacy
Audit Checklist
● For additional information on visual hacking go to
my LinkedIn Profile and see my LinkedIn Pulse Blog
● ‘Visual Hacking An Old Tactic With A New Name’
● https://www.linkedin.com/pulse/visual-hacking-old-tactic-new-name-bradley-w-deacon?trk=mp-reader-card
Visual Hacking

Visual hacking (ec)

  • 2. BRADLEY W DEACON, Session Speaker
      Bradley is a former Federal Agent and was one of the first members of the Australian Federal Police Computer Crime Unit Sydney where in 1995 his team was successful in having the first jail sentence imposed on a computer hacker.
      Bradley is a qualified non practising lawyer focussing on Cyber related Law, with degrees in criminal justice, law, and postgraduate studies in Criminology and Law. Additionally Bradley has a Postgraduate Certificate in Distance Ed specialising in Digital Delivery from Penn State University.
      Bradley also has a Masters in National Security with his thesis centred around digital technology: “Evolving Digital Technology Terrorist Financing & The Threat To U.S National Security”
      As a cyber bullying and stalking advocate, Bradley was approached by VCAT in 2014 to design and facilitate delivery of a social media awareness package in 2015 for Victorian Court Staff and the Judiciary and was recently a keynote speaker at the Say No 2 Bullying Conference on the Gold Coast.
      Bradley lectures at several Australian Universities and colleges in a variety of Cyber related Law units and justice units and is about to undertake a PhD in Social Media by ‘publication’.
  • 3. Session Outline: Learning Outcomes
      • Background to visual hacking (shoulder surfing)
      • Types of visual hacking
      • Corporate espionage
      • Internal office visual control mechanisms to minimize visual hacking
      • External visual control mechanisms to minimize visual hacking
  • 4. Visual Hacking-Shoulder Surfing: Telephone Calling Cards Early 1990’s
      ● Cards linked back to home/business phone account
      ● When away from home/business key in card # and PIN #
      ● Calls billed to home/business account
      ● Option to key it in from phone or call an operator and pass on card details and PIN #
      ● Several vulnerabilities resulted from such practice
  • 5. Visual Hacking-Shoulder Surfing: Vulnerabilities
      ● Travellers would use pay phones at bus terminus, airports, railway stations, shopping centres, casinos, hotel lobbies
      ● Criminal gangs would hover around such pay phone locations and pretend to be on an adjoining phone
      ● The victim would call the operator and pass on the card details, which the ‘shoulder surfer’ would note down, or the shoulder surfer would film the details being entered; at this point the card was compromised
  • 6. Visual Hacking-Shoulder Surfing: Black Market For Card Details
      ● Calling card access details were very attractive on the black market
      ● The compromised card holder usually only received a phone bill once a month
      ● Depending on the billing cycle, a card could be ‘live’ for up to 30 days or more
      ● The shoulder surfer would on-sell the card details for as low as $20
      ● Usually sold at locations where the card could be demonstrated to work
  • 7. Visual Hacking-Shoulder Surfing: Cost of Compromise
      ● Usually the person who bought the card details would also on-sell the card for a profit, hundreds of times
      ● The domino effect of such a compromise amounted to phone bills for hundreds of thousands and even millions of dollars being delivered to the card owner
      ● Simultaneous calls were made to all corners of the globe at a time when international calls were anywhere between $2 per minute and $8 per minute
  • 8. Visual Hacking-Shoulder Surfing: Lack of Safeguards In Place By Phone Company
      ● One card could be connected at hundreds of locations simultaneously, and the phone companies had no safeguards in place to detect such activity
      ● As a result of the scenario shown in the infographic on the next slide, a recommendation report was put forward to the phone companies to implement security safeguards to detect simultaneous use of one card
  • 9. History & A Case Study Of Visual Hacking
  • 10. Visual Hacking-Shoulder Surfing: A Simple Solution That Eliminated The Issue
      ● The safeguards implemented by the phone companies were not expensive to roll out
      ● They provided a barrier that prevented a card from being used simultaneously
      ● Customer education was also a key component of the phone companies’ strategy
      ● As a result of this proactive, fraud-reducing activity, companies that were becoming more reliant on computers in the early 90’s started to look at security as a front of mind process
  • 11. Visual Hacking 2016 Style: From 1990’s to 2016 Visual Hacking
      ● Shoulder surfing now has a more appropriate name for the digital age
      ● ‘Visual Hacking’, which can be defined simply as “obtaining or capturing sensitive information for unauthorized use”
  • 12. Visual Hacking-Shoulder Surfing: Examples of Visual Hacking
      ● Taking photos of documents left on a printer or information displayed on a screen
      ● Memorising details seen on a screen or a desk
      ● Micro audio recording of details seen
      ● Simply writing down employee login information that is taped to a computer monitor
      ● External visual hacking via telephoto lenses through untinted windows
  • 13. Visual Hacking-Shoulder Surfing: Visual Hackers Can Be
      ● Staff members
      ● Interns
      ● Contractors
      ● Clients
      ● Visitors
      ● Persons in adjoining buildings
  • 14. Visual Hacking-Shoulder Surfing: Visual Hacking Experiment
      ● In the Visual Hacking Experiment, a study conducted by Ponemon Institute and jointly sponsored by 3M Company and the Visual Privacy Advisory Council, white-hat hackers posing as temporary or part-time workers were sent into the offices of eight U.S.-based, participating companies.
  • 15. Visual Hacking-Shoulder Surfing: Visual Hacking Experiment
      ● The hackers were able to visually hack sensitive and confidential information from exposed documents and computer screens.
      ● They were able to visually hack information such as employee access and login credentials, accounting information and customer information in 88 percent of attempts and were not stopped in 70 percent of incidents.
      ● The following short video demonstrates the experiment
  • 16. Visual Hacking: Safeguards To Help Prevent Visual Hacking
      ● The best place to begin clamping down on visual privacy threats is to perform a visual privacy audit
      ● The visual privacy audit will help you assess your key-risk areas and evaluate existing security measures that are in place
  • 17. Visual Hacking: Visual Privacy Audit
      • Does your organization have a visual privacy policy?
      • Are shredders located near copiers, printers and desks where confidential documents are regularly handled?
      • Are computer screens angled away from high-traffic areas and windows, and fitted with privacy filters?
      • Do employees keep log-in and password information posted at their workstations or elsewhere?
  • 18. Visual Hacking-Shoulder Surfing: Visual Privacy Audit Continued
      • Are employees leaving computer screens on or documents out in the open when not at their desks?
      • Do employees know to be mindful of who is on the premises and what they are accessing, photographing or viewing?
      • Are there reporting mechanisms for suspicious activities?
  • 19. Visual Hacking-Shoulder Surfing: Key Points To Take Away
      • Visual hackers can be anyone who has access to your office or is in close proximity
      • Reception areas are very vulnerable to visual hacking
      • What will clients/visitors think of your privacy safeguards if they can openly see information?
      • Make sure staff are aware of the phone card shoulder surfing scenario and highlight to them that using laptops and smartphones in crowded places leaves them open to visual hacking
      • Simple safeguards and a visual privacy policy will help you protect your business
  • 21. Visual Hacking-Shoulder Surfing: Further Information & Sample Privacy Audit Checklist
      ● For additional information on visual hacking go to my LinkedIn Profile and see my LinkedIn Pulse Blog
      ● ‘Visual Hacking An Old Tactic With A New Name’
      ● https://www.linkedin.com/pulse/visual-hacking-old-tactic-new-name-bradley-w-deacon?trk=mp-reader-card
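
Slides 8 and 10 describe the missing safeguard and its fix: detecting, then blocking, simultaneous use of one calling card. The sketch below is an added example, not code from the presentation or from any phone company's system; the call records, card IDs, locations and the one-call-at-a-time limit are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed call records: (card_id, location, start, duration_minutes).
# Card IDs, locations and times are invented for illustration.
T0 = datetime(1993, 5, 1, 9, 0)
CALLS = [
    ("CARD-A", "airport payphone", T0, 10),
    ("CARD-A", "hotel lobby", T0 + timedelta(minutes=4), 30),
    ("CARD-A", "casino", T0 + timedelta(minutes=6), 45),
    ("CARD-B", "railway station", T0, 5),
    ("CARD-B", "shopping centre", T0 + timedelta(minutes=20), 5),
]

def peak_concurrency(calls):
    """Detection: return {card: max number of calls in progress at once}."""
    events = {}
    for card, _loc, start, minutes in calls:
        end = start + timedelta(minutes=minutes)
        events.setdefault(card, []).extend([(start, 1), (end, -1)])
    peaks = {}
    for card, evs in events.items():
        # Ends sort before starts at the same instant, so back-to-back
        # calls are not counted as overlapping.
        evs.sort(key=lambda e: (e[0], e[1]))
        live = peak = 0
        for _t, delta in evs:
            live += delta
            peak = max(peak, live)
        peaks[card] = peak
    return peaks

def authorise(calls, max_live=1):
    """Prevention: replay calls in start order, refusing a call when the
    card already has max_live calls in progress."""
    active = {}      # card -> end times of calls still running
    decisions = []
    for card, loc, start, minutes in sorted(calls, key=lambda c: c[2]):
        running = [e for e in active.get(card, []) if e > start]
        allowed = len(running) < max_live
        if allowed:
            running.append(start + timedelta(minutes=minutes))
        active[card] = running
        decisions.append((card, loc, allowed))
    return decisions

if __name__ == "__main__":
    print(peak_concurrency(CALLS))
    for row in authorise(CALLS):
        print(row)
```

A card whose peak concurrency exceeds 1 is the billing-record signature of the resold card described in slide 7; the `authorise` replay shows the barrier from slide 10 refusing the second and third overlapping calls.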