1. what is your position within your organization? · social hacktivism . 2 about advisen: advisen...


Post on 02-Oct-2020


Page 1: 1. What is your position within your organization? · Social Hacktivism . 2 About Advisen: Advisen Ltd. is a privately-owned, independent and unbiased provider of news, data and risk


Social Hacktivism


About Advisen: Advisen Ltd. is a privately-owned, independent and unbiased provider of news, data and risk analytics to the commercial insurance industry.

Advisen’s mission is to deliver productivity and insight to insurance professionals. Advisen brings greater success through technology and data, revolutionizing the way the commercial insurance industry functions. Our customers leverage the Advisen platform, adding power to their proprietary ability and bringing value to their clients.

Please locate us on: www.advisen.com


Many Thanks to our Sponsor!


Social Hacktivism

http://corner.advisen.com

• White Paper: Hacktivism: The Growth and Implications of this 21st Century Method of Protest

• Copy of these slides

• Recording of today’s webinar


Today’s Moderator

David Bradford, President, Research & Editorial Group, Advisen Ltd.


Today’s Panelists

Mary Beth Borgwing, Managing Director, Standish Risk Management

Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich

Tom Lahiff, External General Counsel, Vigilant, Inc.


Today’s Panelists

Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich

Larry has more than 35 years of experience in Risk Engineering. As the Vice President for E-Solutions, he leads a team that provides electronic services to tens of thousands of on-line customers. He’s appeared on TV on cyber security, has spoken on a number of panels and has published several articles and white papers on Security and Privacy related risk issues. He’s done many media interviews on that subject. Larry’s team recently received the Arthur Quern Quality Award from the Risk and Insurance Managers Society (RIMS) for their Accident Review Tool. The Arthur Quern Quality Award recognizes significant contributions within the field of risk management that raise the quality of products, processes, programs, systems and services. The recipient of the Arthur Quern Quality Award demonstrates innovation within the risk management industry and increased quality in products, services and enterprise risk management within an organization.


Today’s Panelists

Mary Beth Borgwing, Managing Director, Standish Risk Management

Mary Beth Borgwing is a finance and technology savvy senior executive with general management, strategy, finance, technology and operations experience in financial services, global insurance, healthcare, manufacturing and small business market segments. She has extensive start-up and turnaround experience with a strong track record for problem solving, profit and market share improvement, speedy results and team building. Mary Beth is a founding member of Standish Risk Management, a consulting and advisory services firm focused on the 360-degree view of operational risk. In conjunction with her work in risk & insurance she has developed the C Shift: RiskEquilibrium™, a process that creates cultures of risk awareness. The firm currently works with teams and companies in high growth sectors, financial services, and Fortune 500. Prior to Standish Risk Management, Mary Beth served as Chief Financial Officer and Treasurer of Sentillion (MFST: US), an IT Security Healthcare company and FAST Company (Morningstar, Inc.). She also served as EVP at Arthur J Gallagher (AJG), SVP at Willis Group Holdings (WSH) and VP at Marsh (MMC), where she managed client risk strategy and business development in Boston and New York City. Before Sentillion, she held a number of senior positions in financial management performing turnarounds, starting up corporate divisions and advising high growth technology companies.


Today’s Panelists

Tom Lahiff, External General Counsel, Vigilant, Inc.

Tom is currently external general counsel and corporate secretary to Vigilant, Inc., which provides managed security information and event management services to Fortune 100 companies. Prior to joining Vigilant, he was a director in the information management practice at PricewaterhouseCoopers, having previously served for 17 years as Vice President and Assistant General Counsel of Citibank, N.A., from 1990 to 2007. While at PwC, Tom helped clients manage the lifecycle of unstructured corporate information to maintain regulatory compliance, manage discovery costs, and leverage intellectual capital. He advised Fortune 100 clients in the transportation, technology, consumer product, and energy sectors on information management. He also developed tools to help firms manage discovery and outside legal expenses. While at Citibank, he worked in the e-commerce and IP units, developing strategies to monetize and defend the Firm’s intellectual property. He also helped develop the Firm’s information security policy and worked with the Bulge Bracket group of financial institutions to respond to the federal banking regulators’ request for a financial industry business continuity plan. He also worked on the Firm’s response to the electronic discovery amendments to the Federal Rules of Civil Procedure. He helped draft and implement a document retention schedule and legal hold process.


Can you define “hacktivism” and give some history? What are these groups hoping to achieve?

Dave Bradford- Advisen Ltd.

Mary Beth Borgwing, Managing Director, Standish Risk Management

Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich

Tom Lahiff, External General Counsel, Vigilant, Inc.


Hacktivism and Hacktivists

Who are they and what do they want?

• Hacktivism is the use of computers and computer networks as a means of protest to promote political ends.

• Hacktivism is a business problem, not a technology problem.

• Hacktivism is the technology world’s approach to political activism.

• Deals with reputation and public image

• Large, high-profile organizations are preferred targets

• Differentiated only by motive from cyber thieves

• Usually issue specific

• Against something or someone.

• VS West

• VS Capitalism

• VS government privacy

• Know Your Enemy

• In the system where the religion and sacred things are not honorable, and only material, money and finance have value, this seems a suitable and effective way to act and can influence governors and decision makers.

Al Qassam Brigades


Hacktivism and Hacktivists

Underlying Causes

• Politically motivated

• Market Visibility / Major Brand

• Perceived social wrong doer

• Politically incorrect public image

• Cyber war

• Recent bank attacks may be the work of a foreign government.

• Retaliation for sanctions and other on-line attacks

• Ricochet revenge

• Financial industry – much harm is possible

• Electrical industry – can shut down the U.S. economy

• Government policy

• DoD and CIA are frequent targets

• Law enforcement


Hacktivists – who are they?

Cult of the Dead Cow

• Who are they / How big are they? / Who’s in their group?

• a computer hacker and DIY media organization founded in 1984 in Lubbock, Texas.

• Coined the term hacktivist (Omega, a cult member)

• What’s their goal

• Global Domination Through Media Saturation

• What have they done lately?

• Released the various BackOrifice tools to the hacker community.


Hacktivists – who are they?

Izz ad-din Al qassam

• Who are they / How big are they? / Who’s in their group?

• Though U.S. intelligence officials have said the hackers responsible for the assaults on banks may have ties to Iran, the al Qassam hacktivists say they are a group of volunteers who operate across cyberspace without a leader or geographic base. “There is no special leader,” al Qassam wrote. “In fact collective decision making leads us to move.”

• What’s their goal

• U.S. Defense Secretary Leon Panetta described the attack as unprecedented in terms of scale and speed.

• Many of the largest U.S. financial Co’s targeted:

• Bank of America, U.S. Bancorp,

• SunTrust, Capital One,

• Regions Financial, PNC

• Wells Fargo.


Hacktivists – who are they?

Anonymous

• Who are they

• We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

• What’s their goal

• They see themselves as activists and protectors of free speech, and tend to rise up most powerfully when they perceive a threat to internet freedom or personal privacy.

• What have they done lately?

• Sept 2012 site take downs


Hacktivists – who are they?

WikiLeaks

• Who are they?

• WikiLeaks is an international, online, not for profit organization which publishes secret information, news leaks and classified media from anonymous sources.

• What’s their goal

• Our goal is to bring important news and information to the public. We provide an innovative, secure and anonymous way for sources to leak information to our journalists (our electronic drop box).

• What have they done lately?

• Risks to intellectual property

• Disgruntled employees


Hacktivists – who are they?

Cutting Sword of Justice?


• One of the most successful attacks to date.

• 30,000 computers affected

• Major impact

• Theoretically about Saudi policies

• We, behalf of an anti-oppression hacker group that have been fed up of crimes and atrocities taking place in various countries around the world, especially in the neighboring countries such as Syria, Bahrain, Yemen, Lebanon, Egypt and ..., and also of dual approach of the world community to these nations, want to hit the main supporters of these disasters by this action.

• May be state sponsored

• More likely an Aramco insider

• May never know.


Hacktivism and Hacktivists

Risk Management Response


• How do I defend myself?

• Understand your public image! Does the public see me differently than my advertising message?

• Understand what information your company has.

• Implement a risk management strategy which uses multiple layers of security that cost an attacker additional time and effort.

• Utilize controls in areas such as identity management, access management, encryption and DLP technologies.

• Be aware of attack trends. Hacktivists can and do!

• When a new attack is witnessed it should serve as an indicator of attacks to come.


The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this presentation and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.

© Zurich American Insurance Company 2012.

Thank you


What are some of the techniques used by hacktivists?


Who are hacktivists most likely to attack?


How are hacktivists using the Cloud to launch attacks? What new technologies are they exploiting?


How does a hacktivist differ from a cyber terrorist? Are there state-sponsored hacktivists?


Why is it so difficult to identify and take action against hacktivists?


What are the legal issues associated with hacktivist attacks?


What action is the U.S. government taking against hacktivists?


What should an organization do if it is the victim of a hacktivist attack?


How can risk managers help manage this threat?


What insurance coverages would respond to a hacktivist incident?


Q&A


Many Thanks to our Panelists!

Mary Beth Borgwing, Managing Director, Standish Risk Management

Larry Collins, Vice President, E-Solutions Risk Engineering, Zurich

Tom Lahiff, External General Counsel, Vigilant, Inc.


White Paper: Available on Advisen’s Corner Store


Upcoming Advisen Webinars

Visit http://corner.advisen.com/advisen_webinars.html for the 2012 Webinar Schedule

Trends in Business Globalization: The Implications for Employees Health and Safety & Solutions for Addressing Them

Wednesday, December 12, 2012 at 11am EST

End of Year: Wrap-Up

Thursday, December 13, 2012 at 11am EST


Upcoming Advisen Conferences

Visit http://corner.advisen.com/advisen_conference.html for the 2012 Webinar Schedule

Date: Thursday, January 31, 2:00 PM EST

https://advisen.omnovia.com/register/41841336591883


How to reach us: Advisen Ltd.

1430 Broadway

8th Floor

New York, NY 10018

www.advisen.com

Voice: +1.212.897.4800

Fax: +1.212.972.3999
