Thursday, September 24, 2015, 8:30 - 1:00 pm
* Breakfast & Lunch provided *
Meeting Location : The University Club of Tampa - 201 N. Franklin Street, 38th Floor, Tampa, FL 33602
Parking Instructions : Parking is available in the Fort Brooke Garage at the NW corner of Florida and Whiting. The 3rd floor of the garage has a covered walk-over to the building.
Arrival : Please arrive 5-10 minutes prior to your session’s start time to allow yourself plenty of time to check in and get settled.
Dress : Business Casual. Please also consider bringing a sweater or jacket for your comfort.
CPE: 4 hours Technical business
Welcome from Saltmarsh & Program Overview - Lee Bell, CPA, Saltmarsh, Cleaveland & Gund
8:30 Cybersecurity and Leadership Solutions - James Risler, Cisco Systems
9:15 Cybersecurity Awareness - David Fiedorek, FDIC; Kishan Patel, FDIC
10:00 Break
10:15 Rise of the Underdark: An Introduction into the Deep Web and Stealing for a Living - Tim Leonard, Commercial Bank of Texas
11:15 The Cybersecurity Assessment Tool and Technology Predictions for 2016 - Stephen Reyes, CISA, Saltmarsh, Cleaveland & Gund
12:00 Lunch
Keep the Conversation Going! Use #SaltmarshBankTalk before, during and after each session to share your questions, feedback and event photos!
Speaker Biographies
James Risler | Cisco Systems
James Risler, CISSP and CCIE No. 15412, is a systems engineer and manager of security content development for Cisco Systems. His focus is on security technology and training development. He oversees a team of security course developers and is responsible for leading the product development efforts for security training courses at Learning@Cisco. Risler has more than 20 years of experience in IP internetworking, including the design and implementation of security solutions for enterprise networks. His areas of expertise are cybersecurity, threat defense training, virtual private networks, and firewall configuration. Risler has spoken at numerous conferences on security topics and was named Distinguished Speaker for Cisco Live 2015.
Prior to joining Cisco Systems, Risler provided Cisco security training as a Certified Cisco Systems Instructor (CCSI) and consulted for Fortune 500 companies and government agencies. He has two bachelor’s degrees from the University of South Florida and an MBA in Information Technology from The University of Tampa and is currently working on his Master of Science in Cybersecurity.
David Fiedorek | Federal Deposit Insurance Corporation (FDIC)
David Fiedorek joined the FDIC in 1987, first assigned to the Harrisburg, PA field office. He became a commissioned examiner in 1990 and has led and participated on many community bank and larger bank Safety & Soundness and Information Technology examinations over the course of his career. Currently a Senior Examiner, Mr. Fiedorek has worked in the Tampa/Gainesville, Florida territory within the FDIC Atlanta Region since relocating to this area in 2001 and is currently serving as an IT training program coach for other FDIC examiners seeking to gain a broader skill set in this area. He currently resides in Clearwater, Florida.
Kishan Patel | Federal Deposit Insurance Corporation (FDIC)
Kishan G. Patel currently serves as an Information Technology Examination Analyst (ITEA) for the Risk Management Supervision (RMS) division at the Federal Deposit Insurance Corporation. Mr. Patel is responsible for examining small to large banks in the Atlanta region, which covers Alabama, Florida, Georgia, North Carolina, South Carolina, West Virginia and Virginia.
Mr. Patel previously served as an Investigator for the Division of Resolutions and Receiverships at the FDIC at the Temporary Satellite Office in Jacksonville, Florida. He oversaw and helped to manage banks in Florida, Tennessee and Georgia.
Mr. Patel is a Florida licensed Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and holds numerous other certifications. Mr. Patel graduated from Victoria University, Wellington, New Zealand with a Bachelor of Commerce and Administration (BCA) and the University of North Florida, Jacksonville with a Bachelor of Science (BS) in Accounting.
2015 Financial Institution Technology Funnel | Saltmarsh, Cleaveland & Gund
Stephen Reyes, CISA | Saltmarsh, Cleaveland & Gund
Stephen is the shareholder in charge of the Information Technology Services Department of Saltmarsh, Cleaveland & Gund. He joined the firm in 1997 and has been practicing in this field since 1990. His experience includes computer networking and technology consulting. Stephen is a Certified Information Systems Auditor, Microsoft Certified Systems Engineer and a Cisco Certified Network Associate. He also holds certifications with ISACA, Novell, Citrix, and CompTIA. Stephen has assisted a number of financial institutions with IT compliance audits, security audits, as well as system selection, implementation and conversion.
Tim Leonard | Commercial Bank of Texas
Tim Leonard is the Chief Information Officer of Commercial Bank of Texas. Tim has over 15 years of banking experience and has served in various management positions including information technology, bookkeeping, proof and transit, operations and call center. His passion for banking and education has given him opportunities to speak at state and national conventions concerning IT infrastructure, management and information security. His style is a fantastic mix of high energy, humor and heart and his presentations consistently score high marks with attendees.
He graduated from Stephen F. Austin State University in Nacogdoches, Texas, and married his high school sweetheart. They have two sons, ages 14 and 11.
Cyber Security and Leadership Solutions
Presented By: JAMES RISLER
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
James Risler
Manager – Security Content Development
MBA, CISSP #456200, CCIE No. 15412
• The “Why”
• Trends
• Threat Landscape
• Examples of Cyber Attacks
• Business Challenge
• People Problem
• Recommendations
• Conclusion & Q&A
The “Why”
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Anthem
Home Depot
JP Morgan
Adobe
Target
Univ. of MD
Neiman Marcus
TJ Maxx
Sony
Zappos
Citigroup
Florida Courts
Attacks per vertical segment
• Over 15% of attacks are targeted at financial institutions
• Attacks include:
  - DDoS
  - Spyware
  - Ransomware
  - Mobile devices
  - SPAM
  - Web Exploits
• Source: IDC™
• 2008 – 100 Million Credit and debit card numbers stolen by spyware from Heartland Payment Systems
• 2014 – 76 Million household accounts and 7 million SMB accounts compromised at JP Morgan Chase
• 2015 - DDoS attack launched on OP-Pohjola and Danske Bank
• ... And more:
  - European Central Bank extortion attempt
  - Multi-bank attack by Eurograbber
Threat Landscape is Evolving…
[Figure: timeline (2000, 2005, 2010, Tomorrow)]
• Threats: Worms; Spyware and Rootkits; APTs, Cyberwar; Increased Attack Surface
• Enterprise Response: Antivirus (Host-Based); IDS/IPS (Network Perimeter); Reputation (Global) and Sandboxing; Intelligence and Analytics (Cloud)
It is a Community that hides in plain sight
Missed by Point-in-time Detection
100 percent of companies surveyed by Cisco have connections to domains that are known to host malicious files or services. (2014 CASR)
• Social Engineering: Phishing, Spam, Malvertising
• Technical Exploit: Patching, new vulnerabilities
• Zero-day Attack: Unknown code exploits
Top Cyber Risks for Users
• Untrustworthy sources
• Clickfraud and Adware
• Outdated browsers: 10% of IE requests running latest version vs 64% of Chrome requests running latest version
Source: 2015 Cisco Annual Security Report
[Figure: timeline, 1990 to 2020, from “Phishing, Low Sophistication” through “Hacking Becomes an Industry” to “Sophisticated Attacks, Complex Landscape”]
• Viruses (1990–2000): ILOVEYOU, Melissa, Anna Kournikova
• Worms (2000–2005): Nimda, SQL Slammer, Conficker
• Spyware and Rootkits (2005–Today): Botnets, Tedroo, Rustock, Conficker v2
• APTs, Cyberware (Today +): Aurora, Shady Rat, Duqu
Welcome to the Hackers’ Economy
Source: CNBC
Global Cybercrime Market: $450B-$1T
How Industrial Hackers Monetize the Opportunity
• Social Security: $1
• Medical Record: >$50
• DDoS as a Service: ~$7/hour
• Credit Card Data: $0.25−$60
• Bank Account Info: >$1000, depending on account type and balance
• Exploits: $100k-$300K
• Facebook Account: $1 for an account with 15 friends
• Spam: $50/500K emails
• Malware Development: $2500 (commercial malware)
• Mobile Malware: $150
Impact of a Breach
[Figure: breach timeline (START, HOURS, MONTHS, YEARS). Captions, with their figures missing: “Breach occurs”; “data in … breaches is stolen in …”; “… of breaches remain undiscovered for …”; “Information of up to … individuals on the black market over last three …”]
Source: Verizon Data Breach Report 2014
Examples of Cyber Attacks
• 4 Key South Korean Targets
  - Phishing against Hyundai Merchant Marine
• Infecting Systems
  - Trojan Dropper – DLL library against Windows 7
• Install Spying Modules
  - Key Stroke Logger, Directory Listing, Remote Control & Execution, Remote Control Access
• Disable Firewall
• Communication
  - Command and control Bot done through a Bulgarian web-based free email server
• Regular Reporting and RC4 Encryption and Exporting of Data
1. Phish HVAC Vendor – Steal credentials – Target hosted web server
2. Scan Network – Determine HVAC vendor access shared web server
3. Upload PHP Script to Web Server – Vulnerability in Application
4. Control of Webserver – Scan for relevant targets for propagation (MSSQLSvc/Billing)
5. Attack Microsoft AD Domain – Steal access tokens on Webserver (Pass-the-hash)
6. Create new Admin Account in MS AD Domain
7. Propagate to relevant computers (“Angry IP Scanner”), bypass security solutions (Tunneling with PsExec’s)
8. Attack SQL Server – Steal 70 Million PII records (no credit cards because PCI compliant)
   - Osql.exe
   - Isql.exe
   - Bcp.exe
9. Download POS Malware and install on POS (“Kaptoxa” Malware)
10. Send stolen Credit Card info to network share (FTP transfer)
11. Upload Credit Card information to FTP site
If you knew you were going to be compromised, would you do security differently?
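The attack steps on the preceding slides leave artifacts a defender can hunt for once compromise is assumed. The following Python sketch is an added example, not part of the original presentation: it maps constructed log records to four of those stages (new admin account, PsExec lateral movement, SQL bulk-export tools, FTP from the POS segment). The record fields, host and account names and address ranges are assumptions; the Windows event IDs (4688, 4720, 4728/4732/4756, 7045) and the PSEXESVC service name are standard.

```python
import ipaddress
from ntpath import basename  # parses Windows paths on any OS

# Assumptions for this example: address ranges, group names, record fields.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
POS_NET = ipaddress.ip_network("10.20.0.0/16")           # assumed POS segment
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}
SQL_EXPORT_TOOLS = {"osql.exe", "isql.exe", "bcp.exe"}   # tools named on the slide
GROUP_ADD_EVENTS = {4728, 4732, 4756}  # member added to global/local/universal group

# Constructed sample records in arrival order (not taken from the slides).
SAMPLE_EVENTS = [
    {"host": "dc01", "event_id": 4720, "target_user": "svc_backup2"},
    {"host": "dc01", "event_id": 4728, "target_user": "svc_backup2",
     "group": "Domain Admins"},
    {"host": "dc01", "event_id": 4728, "target_user": "jsmith",
     "group": "Helpdesk"},
    {"host": "pos-gw", "event_id": 7045, "service": "PSEXESVC"},
    {"host": "sql01", "event_id": 4688, "image": r"C:\Tools\bcp.exe"},
    {"host": "sql01", "event_id": 4688,
     "image": r"C:\Windows\System32\notepad.exe"},
    {"kind": "flow", "src": "10.20.5.17", "dst": "203.0.113.9", "dport": 21},
    {"kind": "flow", "src": "10.1.1.4", "dst": "203.0.113.9", "dport": 443},
    {"kind": "flow", "src": "10.20.5.17", "dst": "10.1.1.4", "dport": 21},
]


def is_internal(addr):
    """True when addr falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def hunt(events):
    """Return (stage, detail) findings for records matching a chain stage."""
    recently_created = set()   # accounts seen in an account-created event
    findings = []
    for ev in events:
        if ev.get("kind") == "flow":
            # Assumption: hosts in the POS segment never need FTP, so any
            # FTP control connection from there is worth a look.
            if ipaddress.ip_address(ev["src"]) in POS_NET and ev["dport"] == 21:
                scope = "internal" if is_internal(ev["dst"]) else "external"
                findings.append(("ftp-from-pos",
                                 f'{ev["src"]} -> {ev["dst"]} ({scope})'))
            continue
        eid = ev.get("event_id")
        if eid == 4720:
            recently_created.add(ev["target_user"].lower())
        elif eid in GROUP_ADD_EVENTS:
            # Only a freshly created account landing in a privileged group
            # matches the "create new admin account" stage.
            user = ev["target_user"].lower()
            if (ev["group"].lower() in PRIVILEGED_GROUPS
                    and user in recently_created):
                findings.append(("new-admin-account",
                                 f'{user} on {ev["host"]}'))
        elif eid == 7045 and ev.get("service", "").upper() == "PSEXESVC":
            findings.append(("psexec-service", ev["host"]))
        elif eid == 4688:
            tool = basename(ev.get("image", "")).lower()
            if tool in SQL_EXPORT_TOOLS:
                findings.append(("sql-bulk-export-tool",
                                 f'{tool} on {ev["host"]}'))
    return findings


def should_escalate(findings, min_stages=3):
    """Escalate when several distinct stages of the chain appear together."""
    return len({stage for stage, _ in findings}) >= min_stages


if __name__ == "__main__":
    for stage, detail in hunt(SAMPLE_EVENTS):
        print(f"{stage:22} {detail}")
    print("escalate:", should_escalate(hunt(SAMPLE_EVENTS)))
```

Any single finding can be legitimate administration; the escalation threshold is what ties isolated events back to the multi-stage pattern the slides describe.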
Sophisticated Attackers
Complex Geopolitics
Boardroom Engagement
Misaligned Policies
Dynamic Threats
Defenders
Complicit Users
Industrialization of Hackers
• Zeus, Phishing, Mules
• Targeted Attacks for Profit
• Advanced Persistent Threats (APT)
• Cyber and Economic Espionage
• Traditional Signature Enforcement less Effective
Evolving Borders
• Influx of Mobile Devices, BYOD
• Dual Profiles: Personal and Corporate
• Access Policy Inconsistent, Difficult to Maintain
Compliance
• Rapid Growth of Regulatory Requirements: PCI, HIPAA, NERC CIP, FISMA, SOX, ISO
• Legal Liabilities Drive Internal Requirements
• Little to No Guidance On How to Meet New Standards
Security Breaches are Costly
Security is the #1 Issue for Your Customers
Protect Now the Value You Intend to Create Tomorrow
Cyber Security is a Boardroom Discussion
Summary
Cisco 2015 Annual Security Report Key Findings
• Lack of Security Leadership in Small companies (only 22 percent of respondents see security as a high priority)
• Gap between CISO and SecOp Manager in terms of confidence
• Less than 50% of respondents use the following tools:
  - Identity Administrator or user provisioning
  - Patching and configuration
  - Penetration testing or Endpoint Forensics
  - Vulnerability scanning
• Only 40% of companies do Correlated event/log analysis
Solution
• New approaches to Security through alignment with People, Process and Technology
• “Caught in the middle are the users. But now, it appears they not only are the targets, but also the complicit enablers of attacks.”
• “Users’ careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure”
• People are part of the corporate system
Solution
• Training Programs
• Leadership from Executives on down
New Focus - Attack Continuum
[Figure: attack continuum]
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
Visibility and Context
Mission Critical Business Systems and Solutions
Policies, Process and People
• Response Policy and Communication Strategy
• Monitoring
• Impact Mitigation
• Identification
• Develop a Cybersecurity Management Framework
• 3 Distinct Layers with seven discrete focus areas
  1. Strategy – Define, document, and publish
  2. Operational – Develop operational standards, process, and procedures
  3. Tactical – Implement security controls and monitoring with defined metrics
• Critical – Executive Sponsorship
• Plan for … Before, During and After the Attack
  - What are the critical components of the business?
  - Have you done a risk assessment?
  - Use existing business cases (Target, Home Depot, etc.)
  - How will the board respond to a Cyber attack?
• Threat Landscape Rapidly Changing
• Business Leaders must drive security
• Business Challenge - Tools, Process, and People
• Cybersecurity Framework is critical
Cisco 2015 Annual Security Report
Now available:
cisco.com/go/asr2015
Verizon 2015 Data Breach Investigation Report
http://www.verizonenterprise.com/DBIR/
Questions/Discussion?
Thank You
http://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-management-programs.pdf
http://www.datacenterdynamics.com/security/ciscos-2015-security-report-its-a-people-problem/94536.fullarticle
Cyber Security AWARENESS
Presented By: DAVID FIEDOREK & KISHAN PATEL
9/17/2015
Cybersecurity Awareness
Objectives
• Discuss the Evolution of Data Security
• Define Cybersecurity
• Review Threat Environment
• Discuss Information Security Program Enhancements for Cyber Risk
  - Threat Intelligence
  - Third-Party Management
  - Resilience
  - Incident Response
• Describe Cybersecurity Assessment Tool
Evolution of Data Security
[Figure: evolution of data security; surviving labels: ATM, Emerging]
Definition
The National Institute of Standards and Technology (NIST) defines cybersecurity as: “The process of protecting information by preventing, detecting, and responding to attacks.”
NIST Framework for Cybersecurity: Identify, Protect, Detect, Respond, Recover
Appendix B to Part 364
II. Standards for Information Security
• Ensure the security and confidentiality of customer information;
• Protect against any anticipated threats or hazards to the security or integrity of such information;
• Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer; and
• Ensure the proper disposal of customer information and consumer information.
Information Security Incidents
• 2014: 42.8 million
• 2013: 28.9 million
• 2012: 24.9 million
• 2011: 22.7 million
• 2010: 9.4 million
• 2009: 3.4 million
Source: PwC.com
People and Patches
“…a campaign of just ten e-mails yields a greater than 90% chance that at least one person will become the criminal’s prey…”
“…11% of recipients of phishing messages click on attachments.”
Source: Verizon 2015 Data Breach Investigations Report
People and Patches
“99.9% of the exploited vulnerabilities had been compromised more than a year after the associated [patch] was published.”
“Ten [vulnerabilities] accounted for almost 97% of the exploits observed in 2014.”
“In 2014, there were 7,945 security vulnerabilities identified. That is 22 new vulnerabilities a day. Nearly one an hour.”
Sources: Verizon 2015 Data Breach Investigations Report; NopSec
Threat Environment
Growing Vulnerabilities
• Interconnected systems
• New delivery channels
• Legacy products
• Emerging/Unknown
Increasing Threats
• Number/types of actors
• Nature/volume of attacks
• Level of sophistication
• Emerging/Unknown
Threat Environment: Vulnerabilities
• Technological: Weakness in hardware, software, network, or system configurations
• Organizational: Lack of awareness of threats/vulnerabilities, incomplete asset inventories, weaknesses in/over-reliance on third parties
• Human: Exploitation of human behavior such as trust and curiosity; lack of effective security awareness training
• Physical: Theft, tampering, device failure, or introduction of infected media
Threat Environment: Actors
• Cyber Criminals - Financially motivated; attacks include account takeovers, ATM cash-outs, and payment card fraud.
• Nation States - Attempt to gain strategic advantage by stealing trade secrets and engaging in cyber espionage.
• Hacktivists - Maliciously use information technologies to raise awareness for specific causes.
• Insiders - Abuse their position and/or computer authorization for financial gain or as a response to a personal grievance with the organization.
Threat Environment: Attacks
• Malware/Destructive Malware, e.g., Key Loggers, Trojans, Ransomware, Wiper
• Phishing/Spear Phishing
• Distributed Denial of Service (DDoS)
• Compound Attacks, e.g., DDoS/Corporate Account Takeover, Phishing/Trojan
• The Unknown
Threat Environment: Example
[Figure: attack example; stage labels: Email, Installation, Execution; defense labels: People, Patches, Detection]
Potential Concerns
• Account Takeover
• Ransomware
• Data Theft
• Data Destruction
Information Security Program
[Figure: Information Security Program components]
• Governance Structure and Policies
• Threat Intelligence
• Audit Program
• Third-Party Management
• Risk Assessment and Control Structure
• Incident Response
• Business Continuity/Disaster Recovery
• Resilience/Restoration
Governance
Board and Senior Management Responsibilities and Duties
• Ensure strategic planning and budgeting provide sufficient resources.
• Provide sufficient authority, resources, and independence for information security.
• Ensure policies and procedures address cybersecurity.
• Incorporate cyber risk into the risk-based audit plan.
• Provide reporting that assures the Board the ISP is working and includes cybersecurity.
Cyber Risk is a Business Risk!
Risk Assessment
• Governance and accountability
• Enterprise-wide asset inventory
• Multi-disciplinary approach
• Threat analysis including cyber risks
• Identify inherent risk, determine controls, quantify residual risk
• Assesses changes in technology, operations, and cyber threat environment
Control Structure
Cyber Hygiene
• Security Awareness Training
• Patch Management
• Information Security Staff
• Access Controls (Privileged Access)
• Authentication
• Detection Programs
Control Structure
Security Awareness Training
• Enterprise-wide
• Role-specific
• Customers/Merchants
• Third Parties
• Cybersecurity Culture
“Think Before You Click”
Control Structure
Patch Management
• Formal written policy and procedures
• Develop system for identifying, prioritizing, applying, and testing patches
• Create/maintain asset inventories
  - Software (Microsoft and Non-Microsoft)
  - Firmware (routers and firewalls)
• Integrate threat intelligence
• Mitigate risk from unsupported operating systems and applications
• Report to board and senior management
BE TIMELY
IT Audit and internal reviews should validate
Control Structure
Information Security Staff
• Evaluate Staffing Adequacy
• Organizational Chart
  - Independent functions
• Job Descriptions
• Certifications
  - e.g., Microsoft Certified Professional, CCNA, CISA, CISSP
• Annual Training
  - Internal Training
  - External Training: e.g., ISACA, MISTI, Learning Tree, RSA Conference, NACHA Conference
Control Structure
Access Controls
• Administered by an independent group
• Emphasis on review of privileged access
• Annual or regular, independent review of user access
Control Structure
FFIEC Supplement to Authentication in an Internet Banking Environment
• Annual Risk Assessments
• Layered Security
  - Anomaly Detection (Retail/Business Accounts)
    - Initial Login/Authentication and Funds Transfers
  - Administrative Controls (Business Accounts)
• Customer Awareness and Education
FIL-50-2011
Control Structure
Detection Programs
• Anti-virus Software/Malware Detection
• Intrusion Detection/Intrusion Prevention
• Activity Logging
  - Systems
  - Frequency/Content/Retention
  - Review/Automation
  - Reporting
Disaster Recovery/Business Continuity Planning
• Ensure cyber threats are added to business impact analysis (BIA)
  - Include probability and impact to critical applications and systems identified in BIA
• Ensure cyber threats identified in BIA are incorporated in recovery plans
• Include cyber scenarios in business continuity tests
Audit
Program
• Charter/Policy
• Committee
• Universe (Scope)
  - Risk Assessment
  - Cybersecurity
• Plan/Budget
• Reporting
• Findings/Tracking
Types
• General Controls
• GLBA
• Vulnerability Assessment
• Penetration Test
• ACH/Wires
• Social Engineering
Information Security Program: Refocused
[Figure: Information Security Program component diagram, repeated]
• FFIEC Guidance: “Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement,” dated November 3, 2014
  - “Financial institution management is expected to monitor and maintain sufficient awareness of cybersecurity threats and vulnerability information so they may evaluate risk and respond accordingly.”
  - Participation in Financial Services Information Sharing and Analysis Center (FS-ISAC) is encouraged.
• FFIEC Business Continuity Planning Handbook, Appendix J, released on February 6, 2015 – Strengthening the Resilience of Outsourced Technology Services
Threat Intelligence: FS-ISAC
Private Sources
• iSight Partners
• Secunia
• Wapack Labs
• NC4 Phy Sec
• MSA Phy Sec
Threat Intelligence: FS-ISAC
Step 1: Understand the Alert Type
Alert Types
• ANC: Announcements
• CYT: Cyber Threat
• CYI: Cyber Incidents
• COI: Collective Intelligence
• CYV: Cyber Vulnerability
• PHT: Physical Threats
• PHI: Physical Incidents
Depending on your role, you don’t have to follow every update, but FS-ISAC recommends following these key reports. Doing so will limit emails to about 10/day.
Step 2: Understand the Criticality and Priority
• ANC = Priority 1-10, 8-10 is high priority
• CYT = Risk 1-10, 8-9 is Urgent, 10 is Crisis
• CYI = Risk 1-10, 8-9 is Urgent, 10 is Crisis
• COI = No Criticality Metric
• CYV = Risk 1-10, 8-9 is Urgent, 10 is Crisis
• PHT = Risk 1-10, 8-9 is Urgent, 10 is Crisis
• PHI = Informational, Minimal Impact, Moderate Impact, Significant Impact, Major Business Disruption
Step 3: Make Choices Based on Role
• Analysts and those involved in risk assessment or vulnerability/patch management should receive CYV alerts.
• Intelligence analysts may also want to participate on the Cyber Intel listserv. POCs are automatically added, but a portal account is not necessary if you wish to add additional analysts to the distribution.
• Provide portal accounts to your staff based on each individual’s role. This will allow them to employ portal filtering for their unique assignments.
• Provide summary reports for managers and technical reports for analysts. Making informed choices based on your role eliminates unneeded emails.
Threat Intelligence: FS-ISAC Alert
Be aware of FS-ISAC’s Traffic Light Protocol.
The abbreviation and criticality level will always appear in the subject line, along with the title.
Following the TLP Color, the alert will go into more detail such as the type of threat, summary, and handling instructions.
• White: Share freely but copyrighted
• Green: Share among FS-ISAC members and partners only. Not public.
• Amber: Share among FS-ISAC members only.
• Red: Restricted to a defined group.
Threat Intelligence: US-CERT Alert
[Figure: US-CERT alert; callouts: CVE, Patching Information, Affected Products]
Threat Intelligence: FBI Flash Alerts
[Figure: FBI Flash alert]
Threat Intelligence: FDIC Communications
[Figure: FDIC communication addressed “TO: Institution CIO and CISO”, with sections Prevention, Detection and Response; excerpt: “Vendors have released patches for all seven of these vulnerabilities.”]
Threat Intelligence
External Sources
• FS-ISAC
• US-CERT
• Third-Party Servicers
  - e.g., core, telecommunications, managed security services
Internal Sources
• Reports
  - Operational Reports
  - Internal Audit Reports
  - Fraud Detection Reports
  - Logs
[Figure labels: Security, Board, Operations, Tellers, Committees, Executives, Audit, Fraud, Network Administrator, HR]
Third-Party Management
• Core
• Transactional Internet Banking
• Mobile Banking
• Managed Network Security
Appendix J: Third-Party Management
Relationship Management
• Due Diligence
• Contracts
• Ongoing Monitoring
Resiliency and Testing
• Mission Critical Services
• Capacity
• Service Provider Continuity Scenarios
• Evaluate/Understand Gaps
• Service Provider Alternatives
Appendix J: Resilience
Incorporate the following risks/controls into business continuity plans:
• Data backup architecture and technology
• Data integrity controls
• Independent, secondary communication providers
• Layered security strategies
• Enhanced planning for the possibility of simultaneous attacks
• Increased awareness of insider threats
• Prearranged third-party forensic and incident management services
Appendix J: Incident Response
• Enhance and test incident response plans to incorporate potential cyber threats
• Integrate service providers into incident response planning
• FFIEC Guidance: “Final Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice,” dated April 1, 2005
  - Assess nature/scope and contain/control the incident
  - Notify primary federal regulator
  - File Suspicious Activity Reports (SARs) and notify law enforcement
  - Notify customers if there is a reasonable likelihood the information will be misused
FFIEC Cybersecurity Assessment Tool
FFIEC Press Release: Cybersecurity Assessment Tool, dated June 30, 2015
• Voluntary tool to assist banks in identifying their risk profile and assessing their cybersecurity preparedness
• Provides banks with a repeatable and measurable process to inform management of their institution’s risks and cybersecurity preparedness over time
FFIEC Cybersecurity Assessment Tool
Inherent Risk Profile
• Technologies and Connection Types
• Delivery Channels
• Online/Mobile Products and Technology Services
• Institution Characteristics
• External Threats
Cybersecurity Maturity
• Cyber Risk Management and Oversight
• Threat Intelligence and Collaboration
• Cybersecurity Controls
• External Dependency Management
• Cyber Incident Management and Response
FFIEC Cybersecurity Assessment Tool
Maturity Levels:
• Baseline
• Evolving
• Intermediate
• Advanced
• Innovative
Cyber Incident Reporting
• RMS is updating its technology incident reporting guidance.
  o RD Memo 25-2001, Technology Incident Report
  o IT ViSION Help Document
• Interim procedures:
  o Report time-sensitive cyber incidents affecting critical operations of a bank or service provider to your appropriate IT Examination Specialist (ITES), Case Manager, or Regional management.
  o For significant incidents, the ITES should report the incident to the appropriate Washington Office RMS staff.
  o RMS staff should first consult with the Washington Office prior to reporting bank incidents to parties outside of RMS.
  o Record the incident in ViSION per outstanding guidance.
Evolution of Data Security
[Figure: labels “Emerging” and “ATM”]
Summary
• Understand Cybersecurity
• Acknowledge Threat Environment
• Enhance Information Security Program for Cyber Risk
  o Threat Intelligence
  o Third-Party Management
  o Resilience
  o Incident Response
• Incorporate Cybersecurity Assessment Tool
Threat Intelligence Resources
• Financial Services-Information Sharing and Analysis Center (FS-ISAC) www.fsisac.com/
• United States Computer Emergency Readiness Team (US-CERT) www.us-cert.gov/
• InfraGard www.infragard.org/
• U.S. Secret Service Electronic Crimes Task Force www.secretservice.gov/ectf.shtml
• The Top Cyber Threat Intelligence Feeds www.thecyberthreat.com/cyber-threat-intelligence-feeds/
Resources
• FFIEC IT Handbooks http://ithandbook.ffiec.gov
• FFIEC Cybersecurity Awareness http://ffiec.gov/cybersecurity.htm
• Financial Stability Oversight Council 2015 Annual Report http://www.treasury.gov/initiatives/fsoc/studies-reports/Pages/2015-Annual-Report.aspx
• Financial Institution Letters www.fdic.gov/regulations/resources/director/risk/it-security.htm
Director’s Resource Center
• Director’s Resource Center www.fdic.gov/regulations/resources/director/
• Technical Assistance Video Program
  o Information Technology (IT)
  o Corporate Governance
  o Third-Party Risk
  o Vendor Management (Coming Soon)
  o Cybersecurity 101 (Coming Soon)
• Cyber Challenge: A Community Bank Cyber Exercise
  o Vignette 1: Item processing failure scenario
  o Vignette 2: Customer account takeover scenario
  o Vignette 3: Phishing and malware problem
  o Vignette 4: Problem with the bank’s technology service provider
  o Vignettes 5-7: Coming Soon
Regional Contacts
Atlanta Region
• Richard Snitzer – [email protected]
• Lenna Escosa – [email protected]
Question/Answers
Questions?
E-mail Questions to: [email protected]
Tiina K.O. Rodrigue
GWU 2nd-year Doctoral Student, Cybersecurity Leadership
Program Director, Professional Services, CipherCloud
PMP, CISSP, CISM, CCNP, CCDP, CCSP, InfoSec, ITIL, CEA, A+
Agenda
• Cyber Risk is Business Risk
• Cybersecurity is not Technology
• Assessment Tool Great Start
• Boards are Key, but not Enough
• Resiliency = Strength via Adversity
• Education isn’t an Annual Test
• Cloud Risk – How is it Different?
• Cyber Insurance – Necessary?
• Protect Data at the Source
Cyber Risk is Business Risk
• Cybercrime costs estimated $445B each year (Lohrmann, 2015)
• Internal threat riskier than external attack (Schneier, 2008)
• Payment systems are targeted focus of attack (Fischer, 2014)
• Enterprise and Cloud systems underlie all transactions
• Probability isn’t a question any more – when breached, not if
• Impact includes more than just monetary loss:
  o Goodwill
  o Data Integrity
  o Reputation
  o Lawsuits
  o Criminal Action
  o Insolvency
• CRO and Risk Committees need to include cyber risk in every risk analysis – prioritize cyber as key threat vector
Cybersecurity is not Technology
• Technology alone will undermine security posture (Batteau, 2011)
• Cyber Risk needs to also examine holistic approach to:
  o Policy – How regularly are policies: created and reviewed by the board; updated after incidents and testing?
  o Process – Are the appropriate resources & steps in place to: record the event (simulated or real); take appropriate action; maintain chain of evidence; record root cause, lessons learned, time to remediate?
  o People – Are they trained and tested regularly in: cross-duty situations; appropriate separation of duties; internal threat awareness?
(Bagchi-Sen, Rao, Upadhyaya and Chai, 2010)
Assessment Tool Great Start
• FFIEC created a terrific assessment tool for banks (June 2015)
• Great start as first step on cyber-risk journey
• Includes Risk Profile and Maturity Assessment
• Directs CEOs and Boards towards Gaps and Risks
• Prescriptive steps are logical follow-on
• Need to work with banks to create action, not POA&Ms
• Gaps need to be more than goals, but funded efforts
Boards are Key, but not Enough
• 80% of boards do not review risks at each meeting
• The majority of boards’ risk committees don’t review cybersecurity plans at all (51%)
• Most cyber budgets are 1% of revenues or less
• More than 1/3 of banks didn’t have a CISO
• 73% of boards were not conversant on cyber issues
• Boards assumed vendors had sufficient protections, and were moderately to heavily dependent upon them
(McCormick, 2015)
Resiliency = Strength via Adversity
• Banks are increasingly complex, adaptive systems
• Need to leverage adversity to grow stronger
• Anticipate incidents will happen
• Respond and document root-cause, remediation
• Correct issues, apply lessons learned holistically
• Adopt improved processes, training, methods
• Between incidents, audit, test, train and repeat
• Include all staff on simulations and tests
• Ensure cross training between duty assignments
(Egli, 2013)
Education isn’t an Annual Test
• Cyber Risk needs a standard curriculum
• Similar to investment analysis and risk management
• Needs to be regular, repeated, required, refined
• Boards need to focus on known and emerging risks
• Preparation for the breach should be well established
• Acknowledgement that the incident could be caused either by internal or external actors is a key issue
• All aspects of technology, policy and processes should be included
Cloud Risk – How is it different?
time], (repeat as necessary) (Iorga, NIST, 2015)
Cyber Insurance – Necessary?
• Banks should ensure they have appropriate D&O and cyber coverage to include all areas of impact
• Ensure PR and Disclosure remediation efforts are included in the costs, as they can endure beyond technology resolution requirements
• Ensure fiduciary duty and class-action litigation are also covered if caused by cyber incidents
• Forensics and Incident Response that ensures chain of evidence and responsibility to ensure due care should be included in the cyber plan to include appropriate insurance
(Weil, Gotshal & Manges, 2015)
Protect Data at the Source
• Encryption or Tokenization should cover:
  o Data at Rest
  o Data in Transit
  o Data in Process
• Separation of Duties should ensure data administrators and key managers are not same person
• Key management role should be held by the bank, not service provider, not shared
• Need to ensure minimal impact to business functionality
FDIC Talking Points
FDIC Cybersecurity Talking Points
“Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
Executive Order 13636
Federal Deposit Insurance Corporation
Agenda
• Information Security + Cybersecurity
• Why Cybersecurity is Important
• Current Threats
• Cybersecurity Basics
• What Institutions Should Do
• FFIEC Cybersecurity Assessment
• FFIEC Cybersecurity Assessment Key Elements
  o Identify Inherent Risks
  o Cybersecurity Preparedness
• Future FFIEC Cybersecurity Work
• Summary
• Questions
• Some Cybersecurity Sources/References
Information Security + Cybersecurity
As noted in several recent FFIEC Cybersecurity press releases, many of the building blocks for an effective cybersecurity program are similar to those for any well-planned information security risk management program, including controls to prevent, detect, and respond to threats.
Information Security
“Information security is the process by which an institution protects and secures its systems, media, and facilities that process and maintain information vital to its operations.”
(SOURCE: FFIEC IT Handbooks – Information Security)
Cybersecurity
Cybersecurity is “the process of protecting information by preventing, detecting, and responding to attacks.”
(SOURCE: National Institute of Standards and Technology (NIST) Framework)
Why Cybersecurity Is Important
Cybersecurity risks translate into business risks, and those risks can ultimately have a negative financial effect on the institution.
Data must be secured to safeguard the institution’s:
• customer information,
• financial information, and
• reputation.
Current Threats
• Threat Actors:
o Nation‐states
o Hacktivists
o Terrorism
o Organized criminals
o Insiders
• Today’s Threat Actors deploy:
o More sophisticated attacks
o More targeted attacks
o More persistent attacks
Cybersecurity Basics
Institutions should consider management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology-based attacks.
Confidentiality, Integrity and Availability (CIA)
CIA is a model designed to guide risk management practices for information security and cybersecurity within an institution.
What Institutions Should Do
• Setting the tone from the top and building a security culture;
• Identifying, measuring, mitigating, and monitoring risks;
• Developing risk management processes commensurate with the risks and complexity of the institutions;
• Aligning cybersecurity strategy with business strategy and accounting for how risks will be managed both now and in the future;
• Creating a governance process to ensure ongoing awareness and accountability.
What Institutions Should Do (Continued)
• Ensuring timely reports to senior management that include meaningful information addressing the institution’s vulnerability to cyber risks.
• Practicing their response to a cyber event just as they do for a physical event through their business continuity plan. The Cyber Challenge program.
• Talking about cyber security with their staff and their customers.
• Establishing relationships with experts so institutions know who to call in the event of a problem
  o regulator
  o local FBI contact.
FFIEC Cybersecurity Assessment
During the summer of 2014, Federal Financial Institutions Examination Council (FFIEC) members piloted a cybersecurity examination work program (Cybersecurity Assessment). Significant findings included:
• Financial institutions have numerous access points and use a variety of connection types.
• Financial institutions use several products and services which may introduce specialized cybersecurity risks.
• Financial institutions use a vast array of technologies to support their customers and employees.
• Cybersecurity inherent risk and overall cybersecurity preparedness were reviewed.
FFIEC Cybersecurity Assessment Key Elements
The Cybersecurity Assessment reviewed financial institutions’ current practices and overall preparedness, focusing on the determination of:
• Cybersecurity Inherent Risk
• Cybersecurity Preparedness
  o Cyber Risk management and oversight
  o Threat intelligence and collaboration
  o Cybersecurity controls
  o External dependency management
  o Cyber incident management and resilience
Future FFIEC Cybersecurity Work
• Cybersecurity Self‐Assessment Tool
• Incident Analysis
• Crisis Management
• Training
• Policy Development
• Technology Service Provider Strategy
• Collaboration with Law Enforcement and Intelligence Agencies
Summary
• Cybersecurity risks translate into business risks, and those risks can ultimately have a negative financial effect on the institution.
• The building blocks of an effective cybersecurity program are similar to those for any well‐planned information security risk management program, including controls to prevent, detect, and respond to threats.
• Engagement by the board of directors and senior management to include understanding of the institution’s cybersecurity inherent risk is required.
• Institution management should include discussion of cybersecurity issues in meetings.
• Monitoring and maintaining sufficient awareness of threats and vulnerabilities.
• Establishing and maintaining a dynamic control environment.
• Managing connections to third parties.
• Developing and testing business continuity and disaster recovery plans that incorporate cyber incident scenarios.
Questions
Some Cybersecurity Sources/References
Financial institutions should have a good go-to source for information about cyber threats.
• FBI InfraGard at www.infragard.org
• U.S. Computer Emergency Readiness Team (US-CERT) at www.us-cert.gov
• U.S. Secret Service Electronic Crimes Task Force at www.secretservice.gov/ectf.shtml
• FFIEC Information Technology Examination Handbook, “Development and Acquisition” http://ithandbook.ffiec.gov/it-booklets/development-and-acquisition.aspx
• FFIEC Information Technology Examination Handbook, “Information Security” http://ithandbook.ffiec.gov/it-booklets/information-security.aspx
• FFIEC Information Technology Examination Handbook, “Operations” http://ithandbook.ffiec.gov/it-booklets/operations.aspx
Rise of the Underdark
Presented By: Tim Leonard
Rise of the Underdark
This presentation was created by Tim Leonard and is protected via the Bitcoin BlockChain by www.proofofexitence.com.
This presentation is designed to help bankers understand the sophistication carders and thieves use to acquire data and avoid detection. All local laws apply and nothing in this presentation should be used for illegal or malicious purposes. The images used in this presentation are for educational purposes only. Fair use applies. Tim Leonard is providing this education for the greater good.
The views and opinions expressed in this presentation are not those of Commercial Bank of Texas.
Objectives
• Opsec and Tradecraft
• Anonymous IDs
• Burner Phones
• Tails Operating System
• TOR
• Onion Browsers
• Anon Emails and PGP
• Bitcoins
• The Dark Web / Underdark
• Carding and Agent Handling
OpSec
Processes used to protect information that can be used against us. OPSEC challenges us to look at ourselves through the eyes of an adversary.
LEO and LEA
Tradecraft
“Tradecraft, within the intelligence community, refers to the techniques used in modern espionage and generally, the activity of intelligence.” - Wikipedia, September, 2014
• Agent Handling
• Eavesdropping
• Concealment
• Analytics
• Dead Drops
• Black Bag Ops
• Interrogation
• Cryptography
• Front Organization
• Surveillance
• Computer Espionage
Deep Web | Dark Web | Underdark
• Drugs, Human trafficking, copyrighted media, pornography, weapons, political dissidents, stolen credit cards
• Websites end in .onion
• Only accessible with Tor
***** WARNING *****
Keep Your Mouth Shut!
There is no such thing as a safe computer or cell phone.
Anon IDs
• A separate email is not enough
• Build elaborate online personas
• Understand the Psychology of IDs
• Lighting, Sounds, Clothes, Smells
• Writing styles (Stylometrics)
• Believe your own lies
Allen Anderson
Anon IDs
• Keep Separate “Golden Rule”
• Operate in large metropolitan areas
• Burner Phones, Laptops, Tails
• Public Wifi
• Anon Emails / Social Networking
• Encrypt Everything 4096 if Possible
• Dead Drops
Anon IDs
“It only takes one slip to compromise your true identity”
I don’t know those fools.
Burner Phones
Burner Phone Rules
• Cash only + No loyalty cards
• Purchase far from home
• No smart phones or GPS (getting harder)
• Removable battery!
• 60+ days till activate
• Personal “No Call List”
• Leave your regular phone at home
• Buy other stuff with only cash
Tracking Cell Phones
• Cell Towers
• GPS
• Wifi Networks
• Bluetooth
Accuracy
Tracking: Cell Towers
Antenna Density and Location Antennae
50 – 100 M
Tracking: Tower Dumps
[Figure: tower dumps from cell sites A, B and C. Red = Burner, Blue = Personal]
Burner Laptop Rules
• Pay Cash
• DBAN old hard drive
• Never use at house
• Walk away if needed
• Removable HDs are nice
• Legit O.S. can decoy
• Be aware of identifying info
• Use Public Wifi
www.dban.org
Burner Laptop
THE ONION BROWSER
• HTTPS Everywhere
• Never use real creds !!
Tails
Verify Tails and Build USB
Let’s Recap
• Burner Phone
• Burner Laptop
• Tails USB Key
• Public Wifi
• Cash
• Coffee !!
Stanford University Surveillance Law by Jonathan Mayer
Deep Web
Two Rules When Operating In The Deep Web
1. No pornography
2. No politics
Anon Emails
• Create multiple emails across different providers.
• Create a PGP key for each email address to encrypt traffic. Use at least 4096 bit.
• Do not publish your public key to key servers.
• Never mail to or from your personal email.
• Use separate burner phones to authenticate.
Pretty Good Privacy (PGP)
[Diagram: A and B each hold a Private Key and a Public Key]
1. A and B agree to exchange public keys
2. A uses B’s public key to encrypt document
3. Encrypted document emailed to B
4. B decrypts document with private key
PGP Cont.
• Encrypt everything!
• Encryption is worthless with weak passwords.
• If your private keys are compromised, so is your encryption.
• Never use any personal identifying info even if it is encrypted.
• Change your keys often.
PGP Encrypted Email
Let’s Recap
• Burner Phone
• Burner Laptop
• Tails USB Key
• Public Wifi
• Cash
• Tor
• Anon Emails
• PGP Keys
• Coffee !!
BitCoin
Satoshi Nakamoto
What Bitcoin Is
• A decentralized digital currency
• Not under control of any govt. or central authority
• You can obtain them P2P, by selling services or products, or from on ramps.
• 1CvSGR947LmbRzRNciDmJcXyVoTGfJxdEg
Bitcoin Cont.
Bitcoin Mixing Services
Carding
www.tyner.com !!Clear Net!!
There are other places in the deep web
Card Encoder
Dead Drops
• Packages should be shipped to vacant houses
• Track packages online and get quickly
• Use Tor to track packages
• Remember “Golden Rule”
• Use Mules/Runners to get packages for you
• The more layers the more anon. but more complex to manage
• Don’t get lazy!
Counter Surveillance Routes
Agent Handling
“It only takes one slip to compromise your true identity”
[Diagram labels: You; Case Officer (three); Agents Use Cards (two)]
Good Side of the Darknet
Privacy and Anonymity = Freedom
Demo
The Cybersecurity Assessment Tool & 2016 Technology Predictions
Presented By: Stephen Reyes