Tom PattersonCSO, MagTek Inc.

Security.magtek.comTom.Patterson@MagTek.com

The Financial Industry

vs.Advanced Persistent

Threats

A Discussion in Two Parts1. APTs Among Us

2. What the Financial Sector is Doing About Them

SCREWED

“The United States is fighting a cyber-war today, and we are losing.”

The United States is fighting a cyber-war

today, and we are losing.

- Mike McConnell

“

”

“Malicious cyber activity is occurring on an unprecedented scale with

extraordinary sophistication. While both the threats and technologies associated with cyberspace are dynamic, the existing balance in

network technology favors malicious actors, and is likely to continue to do

so for the foreseeable future.”

-Dennis Blair

In Olden Days…

Today…1.ID the “Mark”2.Get Inside3.Scope it out4.Customize the Attack5.Steal and Blast6.Go underground and wait

Robin Sage

Defense in Depth?

• Encryption

• DLP

• Authentication

• Antivirus

• Firewalls

• Cracking tools

• Encryption

• Social Engineering

• Polymorphic

• Trusted users

Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures - Google SEC Filing

“

”

Newish Attack Vectors•Clickjacking•Tapjacking•BlueJacking•Social Engineering•“Trusted” relationships

More than just money!Micro Switches

6 small batteries connected to micro switches

Magnetic Read Head

Transmitter Antenna

$20 Bucks on

eBay and NOT

ILLEGAL!

Fight Back withInformation

Sharing•FS/ISAC•FICO•FBI Domain•Infragard•USSS ECTF

Take Down

in London

Financial Services Sector is the Most

Advanced in terms of Information Sharing

A scientific discovery by a University of Washington (Illinois) professor called a Magnetic Fingerprint

Fight Back withSCIENCE

AUTHENTICATE THE CARD, Not Just the

data!

•unchangeable & non-

replicable

…the card itself cannot be duplicated.

butCard data can be duplicated…

No Two Cards Are Alike!..• The random micro-particle structure of every magnetic stripe is unique

• This unique feature is a byproduct of the manufacturing process

• Every mag-stripe card has this feature

Graphical Representation of an Original and Skimmed Card

Each swipe – new password

Cannot be repeated

Device/Host Verification

Cannot be duplicated

Real-time forensics

GHKG7890schzhc89^&^&TYz7Z&GZBlIUZY*&Z^GBILY(*&(*7yhy898HIUO8Y98SD7Y*y8769Y89yyuiy98789897df890s7fdds89f7hcusahca976789s76df89as7acha8sca89ysc8a9yccya89sdy8a

9syda89dyh8&

HKA*(CHJCHBHOC*(CHOIAHCOA*&(*AYHCYX*(YC(*C(*AYC()*&AYCIULACGI^&CRTI^AGCBO&*AYC*&(TCAO*&GC*&OAGC*O&GAC*O&A*G&A(CA(*PCH()*CY(HC*(Y09*)

(*()*)(*)(*)UJ)*Y(*Y*&G*&GG&

Gdhjagdhjkgcs8dict78igclho8 7r9w87vcpo98uy0960n

pc98n opqwnp90nv9274pc8wyrnw89n6rcvlw83yv9s8v460b34tw93nv39w8ow38o984tyo9w386on9 w84t vo984tn

ty8tmp84irt vbsdase3

!#&^%&^(*&(*^$%^&(*_)+_(*&&%%^$%$#$%#^%

%&*^(*&)(*_)*)*^&%%^#$@@$$^*(&()*_*_)*)(&(^^*%&%$^#%^$#$(&^)(&_*_*_+*_*_(*(^^&

%^#%#@#@$^^&*&(&*()

(*_)*_)*(&&*^^&%%^$$%#$@#@$%%^&

HGH&&A&A&&hs7sdyd8ddfjsdfgs0f98s0d9fsklfsjhf7sfaslkfjalkfhiuahfkajhfkjahfkjahfkjahfiuaysfiuahcauischiuaschiuwhiuhciuaschiuwcbiucbiubiuwbciuwfbiuwbfiuwehfiuwehfiuwehfieuhjkwhrjwhrj

kwhrkjwhjkrhkj

0101010111010101010101010101010111110119101010119010101010191010101010101010110910101010101010110101919109119191091010101010110101011010101101010101010101

01010101010110

Strong Encryption

Dynamic Card Data

Card Authenticati

on

Reduces card data loss

from the system

Creates dynamic data with each swipe = Nothing to Steal

Stops Counterfeit Cards

from being approved =

reduces Fraud

We’ve got to out-

innovate the bad guys

with solutions that work, have staying power, are

cheap to install, and simple to use.

Read about the science and business aspects of the Magnetic Fingerprint

(MagnePrint) at www.NoCardFraud.com

If you like the elegance and security of this solution, please leave a public

comment or blog about it to your constituents.

Tom.Patterson@MagTek.comSecurity.Magtek.com

1.562.546.6315

For More Info…