the dark side of web 2 - liberty allianceprojectliberty.org/liberty/content/download/4230... · the...
TRANSCRIPT
![Page 1: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/1.jpg)
The dark side of The dark side of Web 2.0Web 2.0
How the drive to extend eHow the drive to extend e--commerce has commerce has come to threaten privacy and security come to threaten privacy and security
By Byron AcohidoBy Byron AcohidoMay 7, 2008May 7, 2008
![Page 2: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/2.jpg)
1999 an Age of Innocence1999 an Age of Innocence
![Page 3: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/3.jpg)
Hacking for bragging rightsHacking for bragging rights
Smith, 30
Melissa email virus De Guzman, 22
ILoveYou bug
Mafiaboy, 16
dDos pioneer
![Page 4: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/4.jpg)
“The liability should lie in the hands of the software developers who come out with programs that are defective.”
--Onel deGuzman, author ILOVEYOU virus
HacktavismHacktavism
![Page 5: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/5.jpg)
Profit motive emergesProfit motive emerges
July 2001:July 2001:
Code RedCode Red ISS wormISS wormJan. 2003:Jan. 2003:
SlammerSlammer SQL wormSQL wormJan.Jan.--Aug. 2003:Aug. 2003:
SoBigSoBig AA--F F email virus R&Demail virus R&D
Aug. 2003Aug. 2003::MsBlastMsBlast RPCRPC--DCOM wormDCOM worm
![Page 6: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/6.jpg)
•48,000 PCs infected
•$12 million damage
•18-month jail term
Jeffrey Lee Parson, 19, at his sentencing
MSBlastMSBlast copycatcopycat
![Page 7: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/7.jpg)
MSBlastMSBlast’’ss deeper impactdeeper impact
25 million PCs infected25 million PCs infectedOpen backdoor for Open backdoor for botbotimplantationimplantation
![Page 8: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/8.jpg)
billybilly gates why do you make this gates why do you make this possible? Stop making money and fix possible? Stop making money and fix
your software!!your software!!
----MSBlastMSBlast virus writervirus writer
![Page 9: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/9.jpg)
Profits become predominantProfits become predominant
Jan.Jan.--April 2004:April 2004:
Virus warVirus war MyDoomMyDoom/Bagel vs. /Bagel vs. NetSkyNetSkyMay 2004:May 2004:
SasserSasser LSASS wormLSASS wormAug. 2005:Aug. 2005:
ZotobZotob plugplug--andand--play worm play worm
Sven Jaschan,17 Antivirus vigilante,
author Netsky, Sasser
bb
![Page 10: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/10.jpg)
MyDoomMyDoom/Bagel vs. /Bagel vs. NetskyNetsky
Hey, Hey, NetSkyNetSky, , -------- ------ you you ----------, don, don’’t t ruineruine our our business, business, wannawanna start a war? start a war?
This is the W32. This is the W32. SkynetSkynet. . AnTiViRuSAnTiViRuS -- we we want to kill malware writers! want to kill malware writers!
![Page 11: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/11.jpg)
[Diabl0][Diabl0] whtwht u think about this new u think about this new worm? :o worm? :o
[Taylor][Taylor] it is pretty good...i would it is pretty good...i would imagine you will get a lot of bots imagine you will get a lot of bots
[Diabl0][Diabl0] that worm spread only for that worm spread only for money :p money :p
Farid Essebar, 19
aka: Diabl0,
author Zotob
““He didnHe didn’’t realize what he was doing was bad.t realize what he was doing was bad.””
![Page 12: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/12.jpg)
Web 2.0:Web 2.0: The dawn of cloud computingThe dawn of cloud computing
![Page 13: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/13.jpg)
Banks:
Credit card cos:
Credit bureaus:
Financial services go digitalFinancial services go digital
![Page 14: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/14.jpg)
Wholly owned sites:
CreditReporting.com Eloan.com LendingTree.com FreebieCreditReport.com moving-links.com
Affiliated sites: PrivacyMatters.comfree-credit-reports.com Credit.comFree8BureauCreditReport.comFreeCreditReportsInstantly.com speedycreditreports.comspendonlife.com.
CSC.com
Source: Experian, Equifax, TransUnion, Consumer Reports WebWatch
““Creative marketingCreative marketing””
![Page 15: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/15.jpg)
Open network Open network + anonymity + anonymity
+poor data handling+poor data handling+ high system speed+ high system speed__________________________________
= criminal opportunity= criminal opportunity
““Spontaneous collusionSpontaneous collusion””
![Page 16: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/16.jpg)
![Page 17: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/17.jpg)
Dark side of cloud computing
![Page 18: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/18.jpg)
Key cloud players
![Page 19: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/19.jpg)
“…“…the whole future of media the whole future of media and advertising will move to and advertising will move to the Internet.the Internet.””
Steve BallmerSteve Ballmer CEO MicrosoftCEO Microsoft
![Page 20: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/20.jpg)
Two criminal marketsTwo criminal markets
Stealing dataStealing dataUsing stolen data Using stolen data
![Page 21: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/21.jpg)
Three attack vectorsThree attack vectors
Insider theftInsider theftPort 25Port 25Port 80Port 80
![Page 22: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/22.jpg)
Variations on a themeVariations on a themeSocial engineeringSocial engineeringPharmPharm spamspamStock spamStock spamSpear phishingSpear phishingDrive by downloadsDrive by downloadsWeb spamWeb spamBanking Banking trojanstrojansCross site scriptingCross site scriptingSQL injectionsSQL injectionsZero day exploitsZero day exploitsTainted banner adsTainted banner adsDenial of serviceDenial of serviceCrossCross--platform attacksplatform attacksVishingVishingPolyPoly--morphicmorphic scriptsscripts
![Page 23: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/23.jpg)
SpamSpam’’s chokeholds chokehold
Source: Symantec
Feb. 2008:
80%
Mar. 2007:
70%
![Page 24: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/24.jpg)
Pervasive phishingPervasive phishing
Source: Anti-Phishing Working Group
![Page 25: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/25.jpg)
2005: 333,425
2007: 5,490,960
Source: AV-Test Labs
MalwareMalware’’s surges surge
![Page 26: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/26.jpg)
Top WebTop Web--based malwarebased malware
Source: Sophos
![Page 27: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/27.jpg)
Source: White Hat Security
Top web site flawsTop web site flaws
![Page 28: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/28.jpg)
Source: F-secure
Every major bank has been hit by banking trojans.--Mikko Hypponen
2006: 3,342
2008: 16,755
![Page 29: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/29.jpg)
Source: Damballa
Global Global botnetbotnet activityactivity
![Page 30: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/30.jpg)
40% of hosts carry botnet data exchanges
Source: Support Intelligence
![Page 31: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/31.jpg)
Source: Support Intelligence
1 1 pixel = 250 hostspixel = 250 hosts red = red = botbot
![Page 32: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/32.jpg)
Average daily botnet communiqués Jan. 2007: 7,303,148
Aug. 2006: 333,025
Source: Damballa
![Page 33: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/33.jpg)
chief concerns
![Page 34: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/34.jpg)
2006:
161 exabytes*
2010:
988 exabytes
*Exabyte = billion gigabytes
Source: IDC
Business data in digital formatBusiness data in digital format
![Page 35: The dark side of Web 2 - Liberty Allianceprojectliberty.org/liberty/content/download/4230... · The dark side of Web 2.0 How the drive to extend e-commerce has come to threaten privacy](https://reader035.vdocuments.net/reader035/viewer/2022062921/5f03b1bc7e708231d40a5008/html5/thumbnails/35.jpg)
Prepare for a Prepare for a seigeseige
Think of data as a Think of data as a valuable assetvaluable assetMake data privacy and Make data privacy and security a core security a core competencycompetency