Personal Identity Theft in the Web-based Business World
Presenter – Rick Weatherspoon
Xtreme Computing, LLC
23 May 2006
Agenda
• Definition of ID Theft
• ID Theft Statistics
• Business Losses
• Types of Web-based ID Theft
  – Hacking & Attacking
  – Phishing
  – WarXing/War Driving
• ID Theft Reporting
• Questions
Identity Theft Definition
• The Deliberate Assumption of Another Person's Identity, Usually to Gain Access to their Finances, or Frame Them for a Crime
ID Theft Statistics (National)
• Fastest Growing Crime in US
• U.S. Identity Fraud Crimes now total $52.6 Billion Annually *
• Per-Victim Total of $5,686
• Affects Roughly 9.3 Million Individuals in US Yearly
* Source – 2005 Study by Javelin Strategy & Research
ID Theft Statistics (State)
• 5,464 Complaints Filed in Washington State (2004)
• Washington State Ranks within the Top 10 (8th)
• Complaints Rose 20% More than in 2003
ID Theft Statistics (County)
[Chart: College Place & Walla Walla County; series: Fraud, Identity Theft; years 2003 to 2006]
* Source – Walla Walla Police Department; May 2006
ID Theft Statistics (City)
[Chart: City of Walla Walla; series: Fraud, Identity Theft; years 2002 to 2006]
* Source – Walla Walla Police Department; May 2006
Business Losses Due to ID Theft
• Between May 2004 and May 2005, 1.5 Million Computer Users Lost $929 Million on ONLY Phishing Scams
• US Businesses Lose an Estimated $2 Billion Per Year on Clients who are Victims
• Businesses Lose an Average of $4,800 per Victim *
*Source – Washington State AGO Identity Theft Advisory Panel; January 2006
Types of Web-based ID Theft
• Hacking & Attacking
• Phishing
• WarXing/War Driving
Web-based Hacking & Attacking
• Authentication Hacking
  – Browsing
  – Cookie Theft
  – Session Hijacking
  – Network Sniffers
  – Password Cracking
  – Dictionary Attacks
• Google Hacking
• SQL Injection
• Directory Traversal
Phishing
• Attempts to Fraudulently Acquire Sensitive Consumer Info Via False Web Pages, Emails, IMs, FAX, VOIP
• Term Arises from Using Sophisticated Lures to “Fish” for Consumer’s Financial Data & Passwords
• Recently Targeting Banks, Online Payment Services, IRS Letters
• Common Tricks Include Misspelled URLs, use of SubDomains, Altering Address Bars, Cross Site Scripting
• Recent Scam Left Voice Messages to Call Bank with Account & PIN Numbers over a VOIP Network
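A defender-side check for two of the tricks listed above, misspelled URLs and use of subdomains, as an added example that is not part of the original presentation. The protected-domain list, the sample URLs and the two-edit threshold are assumptions, and the registrable domain is approximated as the last two host labels.

```python
from urllib.parse import urlsplit

# Assumption: domains the defender protects (Citibank is the brand in the slides).
PROTECTED = {"citibank.com"}
MAX_EDITS = 2  # assumed threshold for "looks like the protected name"

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered(host):
    """Naive registrable domain: the last two labels (a simplification;
    production code should consult the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])

def classify(url):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registered(host)
    if reg in PROTECTED:
        return "ok"
    for brand in PROTECTED:
        name = brand.split(".")[0]
        # Subdomain trick: the brand sits to the left of the domain that
        # actually controls the host.
        if name in host[: len(host) - len(reg)]:
            return "brand-in-subdomain"
        # Misspelling: the registered label is a few edits from the brand
        # (0 edits means the same name under a different TLD).
        if edit_distance(reg.split(".")[0], name) <= MAX_EDITS:
            return "lookalike-domain"
    return "unrelated"

# Constructed sample URLs (reserved .example names, not observed phishing sites).
SAMPLE = [
    "https://online.citibank.com/login",
    "http://citibank.com.account-verify.example/update",
    "http://www.citibannk.example/signin",
    "http://weather.example/",
]

def scan(urls):
    return {u: classify(u) for u in urls}
```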
Citibank Phishing Email Example
Citibank Phishing Web Link
Citibank Phishing – User Garbled URL
Citibank Phishing – Invalid Credit Card Number
Citibank Phishing Source
• Search with Whois Utility:
    IP : 219.148.0.0 - 219.148.159.255
    netname: CHINATELECOM-he
    descr: CHINANET hebei province network
    descr: China Telecom
    descr: No.31,jingrong street
    descr: Beijing 100032
    country: CN
    mnt-by: MAINT-CHINANET
    changed: [email protected] 20030820
    source: APNIC
WarXing/War Driving
• Searching for Wireless Networks and Access Points by Moving Vehicle/Bike (WLAN, WiFi HotSpots)
• Captures Information Packets with WiFi-based equipment (Laptop/PDA)
• Software Freely Available to Monitor, Capture, and Analyze Clear Text and Encrypted Data (NetStumbler, AirSnort, WEPCracker, etc.)
• Majority of Wireless Networks Use Default Settings (SSIDs, Passwords, Encryption Keys, etc.)
• Legality of War Driving Not Clearly Defined in the US
Wireless Network Diagram
[Diagram components: Internet, Firewall, CSU/DSU Modem, Server, Computer, Laptop, PDA, 802.11 WiFi AP, Rogue AP]
Reporting of ID Theft
• FBI/Internet Fraud Complaint Center
  – 1.800.251.3221
  – www.ifccfbi.gov
• Federal Trade Commission
  – 1.877.438.4338
  – www.consumer.gov/idtheft/
• Internet Crime Complaint Center
  – www.ic3.gov/complaint
• Washington State Attorney General
  – atg.wa.gov/consumer/idprivacy/index.shtml
• Walla Walla Police Department – Investigations
  – 509.527.4434
Questions?
www.xtremecomputing.us/briefings.html