
Post on 16-Dec-2015


Page 1: Top IT Threats Facing UH Jodi Ito Information Security Officer VP IT & CIO Office Information Technology Services jodi@hawaii.edu X

Top IT Threats Facing UH

Jodi Ito

Information Security Officer

VP IT & CIO Office

Information Technology Services

jodi@hawaii.edu

FBI Honolulu Contact

Special Agent Jimmy Chen
Ph: (808) 566-4294
[email protected]

Report:
- Suspected child pornography
- Intrusions/hacking attacks on systems w/ sensitive information (not just sensitive, personal information, but also intellectual property)

Child Pornography

On a computer that DID NOT HAVE ANY PASSWORD!
- No accountability
- Could be installed by anyone
- Everyone could be a suspect

Top Security Issues at UH

- Copyright Violations (DMCA violations)
- Protecting Sensitive Info & UH Data Breaches
- Protecting Users, Computers & Networks

WE (people) are the weakest link!

What ITS is seeing…

- Phishing
- Compromised accounts
- Increased reports of bot-infected computers
- Increase in DMCA notices
- Increase in breaches

Targeted Attacks

- Subjects of phishing attacks are specifically selected
  - Such as senior administrators & management
- Uses social engineering techniques
- Very convincing messages and images:
  - North Carolina State University: http://www.ncsu.edu/it/security/webmail-phishing.html

Targeting CFOs

http://krebsonsecurity.com/2010/09/cyber-thieves-steal-nearly-1000000-from-university-of-virginia-college/

Compromised UH Usernames

- Used to send spam & phishes
- 87 compromised this year
  - <20 before July
- Most often victims responded to phishing emails
- Account used almost immediately to send spam

Increase in Bot Traffic

- ITS receiving more reports of “bot” infected machines on UH network
- Most Torpig & Mebroot
- Torpig
  - Uses fast flux DNS to change name of C&C and malware-infected sites
  - Uses java and Twitter API to generate & register new hostnames
  - Designed to harvest sensitive information such as credit card & bank account information

Copyright Violations

HEOA 2008 - All universities must have:
- An annual disclosure to students describing copyright law and campus policies related to violating copyright law.
- A plan to “effectively combat the unauthorized distribution of copyrighted materials” by users of its network, including "the use of one or more technology-based deterrents".
- A plan to "offer alternatives to illegal downloading".

Annual Disclosure

HEOA Compliance

- Compliance by July 1, 2010
- Failure to do so: lose all federal financial aid!

UH Statistics: 2007-2010

As of 9/2010

[Chart: DMCA Notices, notices per month by month (Jan to Dec), one series each for 2007, 2008, 2009 and 2010]

DMCA Statistics

As of 9/2010

Month  2007  2008  2009  2010
Jan      13    24    21   105
Feb      13    35    35    90
Mar       6    18    46    77
Apr       0    39   127   133
May       0    30    39    72
Jun      14    22    25    53
Jul       5    16    36    76
Aug      15    16    71   128
Sep      12    79    89   192
Oct       7    95    83
Nov      22    31    84
Dec      17    30    79

ITS Procedures

- Identify and Notify
- If no response, block
- Currently, infringers are “counseled” and must sign Copyright Notification
  http://www.hawaii.edu/itsdocs/gen/sample_copyright_notification.pdf
- Failure to do so, blocked & reported to Dean of Students (or supervisor/Dean/Director) for action

www.hawaii.edu/its/filesharing

UH Policies

- Executive Policy E2.210: Use and Management of Information Technology Resources
  http://www.hawaii.edu/svpa/ep/e2/e2210.pdf
- Executive Policy E2.214: Security and Protection of Sensitive Information
  http://www.hawaii.edu/apis/ep/e2/e2214.pdf

More UH Policies

- UH Form 92: UH General Confidentiality Notice
  http://www.hawaii.edu/ohr/docs/forms/uh92.pdf
- System-wide Student Conduct Code
  http://www.hawaii.edu/apis/ep/e7/e7208.pdf

Protecting Sensitive Info

Hawaii Revised Statutes:
- HRS 487J - SSN Protection
  http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487J/
- HRS 487N - Breach Disclosure
  http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487N/
- HRS 487R - Destruction of PI Records
  http://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487R/

UH Breaches RECAP

- 2009 April: Kapiolani CC
- 2010 March: Honolulu CC
- 2010 July: UH Manoa
- 2010 October (now!)

OVER 100,000 exposed records!

October Breach

- Still under investigation
- NOT PUBLIC YET!
- Google indexes ftp:
- Check all UH public websites for sensitive information!

Open Source Tools

- Find_SSN: http://security.vt.edu/Find_SSNs/index.html
- Spider: http://www.cit.cornell.edu/services/spider/howto/index.cfm
- SENF: https://senf.security.utexas.edu/wiki/
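
As an added illustration of the kind of sweep these tools perform (this is not part of the original slides and is not the code of Find_SSN, Spider or SENF), the Python sketch below walks a web or FTP document root and reports files containing SSN-shaped values. The function names and the sample roster file are constructed for the example.

```python
import os
import re
import tempfile

# AAA-GG-SSSS, AAA GG SSSS or AAAGGSSSS, not embedded in a longer digit run.
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Reject values never issued: area 000, 666, 900-999; group 00; serial 0000."""
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def scan_text(text):
    """Return (line_number, masked_value) for each plausible SSN in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            area, _, group, serial = m.groups()
            if plausible_ssn(area, group, serial):
                hits.append((lineno, "***-**-" + serial))  # never log the full value
    return hits

def scan_tree(root, max_bytes=5_000_000):
    """Walk a document root and map relative file paths to their SSN hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Build a constructed document root with one exposed roster and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "pub"))
        with open(os.path.join(root, "pub", "roster.csv"), "w") as fh:
            fh.write("name,id,phone\nA. Student,123-45-6789,808-555-0100\n"
                     "B. Student,000-12-3456,\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

The backreference in the pattern requires the same separator in both positions, which keeps phone numbers and mixed-separator strings out of the results; only the last four digits are ever written to the report.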

Breach Notification

Determined that pursuant to HRS 487N, UH required to do a “Breach Notification”:
- Written notification to all affected individuals
- Legislative Report due 20 days after discovery of breach
- Press Release/website

UNC Incident

http://www.newsobserver.com/2010/10/14/739551/unc-cancer-scientist-appeals-her.html

Personal Information Protection POC

Key Items

- Campus designee: “Personal Information Protection” Point of Contact
- Limiting storage and retention of personal information to what is absolutely essential and required by law
- Review and strengthen internal controls over personal information

Annual Personal Information Survey

- Information Privacy & Security Council
- Just completed 2010
- ALL systems (electronic or paper) need to be reported
- http://www.hawaii.edu/its/information/survey

Policies and Compliance

- Enforce laws, regulations, policies
  - FERPA, HIPAA, FTC Red Flags, PCI DSS, FISMA, State & Federal laws & regulations, etc.
- Legal Issues
  - E-Discovery & Litigation holds
  - Subpoenas & National Security Letters
- Internal Investigations

Protecting Users

- Increase in compromised UH usernames
  - Used to send spam/phish
- Increase because:
  - Responding to PHISHES!
  - Weak passwords
  - Using unsecured computers and/or networks

Other Unsafe Behaviors

- Respond to “phishes”
- Do not update operating systems and applications on a routine basis
- Do not use or update anti-virus/anti-spyware software
- Visit unsafe websites
- Share accounts/passwords
- Use unsecured wi-fi for sensitive transactions

Firesheep

http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/

2011 Threat Forecast

http://www.gtisc.gatech.edu/pdf/cyberThreatReport2011.pdf

Thank You!

Questions?

[email protected]
(808) 956-2400