The Financial Industry vs. Advanced Persistent Threats. Tom Patterson, CSO, MagTek Inc. Security.magtek.com. A Discussion in Two Parts: APTs Among Us; What the Financial Sector is Doing About Them.
Tom Patterson
CSO, MagTek Inc.
The Financial Industry vs. Advanced Persistent Threats
A Discussion in Two Parts
1. APTs Among Us
2. What the Financial Sector is Doing About Them
SCREWED
“The United States is fighting a cyber-war today, and we are losing.”
- Mike McConnell
“Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication. While both the threats and technologies associated with cyberspace are dynamic, the existing balance in network technology favors malicious actors, and is likely to continue to do so for the foreseeable future.”
- Dennis Blair
In Olden Days…
Today…
1. ID the “Mark”
2. Get Inside
3. Scope it out
4. Customize the Attack
5. Steal and Blast
6. Go underground and wait
Robin Sage
Defense in Depth?
• Encryption
• DLP
• Authentication
• Antivirus
• Firewalls
• Cracking tools
• Encryption
• Social Engineering
• Polymorphic
• Trusted users
“Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures”
- Google SEC Filing
Newish Attack Vectors
• Clickjacking
• Tapjacking
• BlueJacking
• Social Engineering
• “Trusted” relationships
More than just money!
Micro Switches
6 small batteries connected to micro switches
Magnetic Read Head
Transmitter Antenna
$20 Bucks on eBay and NOT ILLEGAL!
Fight Back with Information Sharing
• FS/ISAC
• FICO
• FBI Domain
• Infragard
• USSS ECTF
Take Down in London
Financial Services Sector is the Most Advanced in terms of Information Sharing
A scientific discovery by a University of Washington (Illinois) professor called a Magnetic Fingerprint
Fight Back with SCIENCE
AUTHENTICATE THE CARD, Not Just the data!
• unchangeable & non-replicable
Card data can be duplicated… but the card itself cannot be duplicated.
No Two Cards Are Alike!
• The random micro-particle structure of every magnetic stripe is unique
• This unique feature is a byproduct of the manufacturing process
• Every mag-stripe card has this feature
Graphical Representation of an Original and Skimmed Card
Each swipe – new password
Cannot be repeated
Device/Host Verification
Cannot be duplicated
Real-time forensics
Strong Encryption
Dynamic Card Data
Card Authentication
Reduces card data loss from the system
Creates dynamic data with each swipe = Nothing to Steal
Stops Counterfeit Cards from being approved = reduces Fraud
We’ve got to out-innovate the bad guys with solutions that work, have staying power, are cheap to install, and simple to use.
Read about the science and business aspects of the Magnetic Fingerprint (MagnePrint) at www.NoCardFraud.com
If you like the elegance and security of this solution, please leave a public comment or blog about it to your constituents.