Smart Technology - the Double Edge Sword

1
Smart Technology - the Double Edge Sword

• Presented by E. Charles Sterling
• Intrinsic Technology Services www. astronet .net
• Co-presented by Bob Janusaitis
• Business 911 www. business911 .com
• Co-presented by Dennis Mark
• Redeemed Ministries www. redeemedministries
  .com
• How technology is needed in our mobile life and
  how it impacts us at home and office.

2
Introduction

• Technology is a double edge sword in our global
  communications environment.
• Parents and students need to elevate their
  knowledge of technology and share with others the
  fixes that can establish a safer environment.
• Family members need to ensure that GPS and other
  default settings are correctly set and validated
  periodically.
• Most importantly be aware that good intentions
  may not have the expected result when technology
  changes as fast as Smart Devices do in our Mobile
  environment.

3
The Double Edge Sword

• Technology that is well intended is used to harm!
• This could be due to innocence or criminal
  action!
• Office, Home, Brother, Child there are no
  boundaries.
• Oddly enough, the good tool could be used to
  Right the Wrong even though the tool may have
  created the wrong.

4
As old as the Greeks and Romans

• Most parents want life's problems to be easier on
  their children.
• The potential problem with the philosophy is that
  tools (Smart Devices) become a substitute for
  thinking or motor skills.
• Texting is a good example of communications gone
  deadly!

5
No limitation to the reach of technologynor the
Double Edge Sword

• Many office technology concerns mirror the
  concerns at home?
• Is there office technology that can be
  implemented at home to better protect the family?
• How exposed is your family to today's mobile
  environment?
• What can be done to better protect your home and
  family?
• How are cyber criminals, pedophiles and
  traffickers utilizing technology to gain victims.
  
• Next generation firewalls, White List, Monitoring
  programs and practicing Best Usage Policies at
  home and office will help keep your office and
  family safe.

6
The driving technological force Internet and
Mobile devices!

• Laptop cameras used for technical supportcan be
  used like a Nanny Cam caught in a wireless Drive
  By.
• Robbins v. Lower Merion School District is a
  federal class action lawsuit, brought in February
  2010. "WebcamGate" scandal, the schools secretly
  spied on students while they were in the privacy
  of their homes.
• July 2010, another student, Jalil Hasan, filed a
  parallel second suit. It related to 1,000 images
  that the school snapped surreptitiously via his
  computer over a two-month period, including shots
  of him in his bedroom.
• Case of laptop support going bad!

7
Cellphones
8
Are you in danger of Phone call hacking?

• Many mobile phone calls in the U.S. and Europe
  are encrypted with a stream cipher called A5/1,
  which is commonly used, in GSM (Global System for
  Mobile Communications) voice communications. A5/1
  is not secure. Its been broken for years.
• In theory, the phone companies are moving to the
  far harder to break 128-bit Kasumi encryption
  algorithm, which is used in the next generation
  A5/3 voice encryption.
• Use encryption software on your smartphones.
  These programs include PhoneCrypt, Secure Voice
  GSM, and Gold Lock.
• www. zdnet.com/blog/networking/are-you-in-danger-o
  f-phone-call-hacking/597

9
Is your Smart Phone safe at the repair shop?

• Forensic procedures expose camera images taken by
  Smart Phones as you scroll between menu's. The
  images are used to return the user to the last
  position.
• There are images beyond what the user has access
  which these are included but could as well be
  images taken of one's self while dressing or
  shaving.....
• This is a case, a Smart Device feature exposes
  the visual equivalent of PII loss. (personally
  identifiable information)
• WORKAROUND Before turning the device over to a
  3rd party take dozens of pictures of the floor.

10
HOW TO HAVE AN ANONYMOUS PHONE CONVERSATION

• Do you think your government doesnt have the
  means to listen to your phone calls? Think
  again.
• Governments from around the world, not just
  exclusive to North America, have technologically
  advanced eavesdropping programs which can capture
  mobile phone conversations without anyone ever
  knowing.
• Mas Movil Roaming Prepago is a prepaid mobile
  phone service that was specifically designed for
  use outside of Panama it works very well in the
  United States, South America, Spain, France,
  Belgium, Ukraine, and Russia.
• Your shiny new MasMovil SIM chip will have a
  unique Panamanian phone that is NOT tied to
  your name.

11
Various areas of technology
12
Local school established Pen Pal Projectbetween
children accused Pedophile

• WHAT??????
• Thursday night (12th) this was disclosed on TV.
• What could a school / pastor be thinking about to
  encourage children (w/o parents knowledge or
  permission) to become pen pals with any criminal.
  In this case the pen pal is an accused pedophile.
  
• Even having forensic means does not help to
  retrieve the loss of privacy or the ill affects
  that could be inflicted on the family.

13
The technology behind the Zimmerman arrest video

• ABC Newsthen contacted Forensic Protection of Van
  Nuys, California, to enhance the grainy video
  released by the police to see whether there was
  anything not shown in the original regarding an
  injury to Zimmermans head.
• He explained that the process involves finding a
  known object in the scene, and clarifying that
  object to the highest level possible. In the case
  of the Sanford police video, the selected object
  was a police officers badge, which was clarified
  by correcting motion blur to the point of
  legibility of the badge
• Clarity versus Alteration in this case the Best
  video approach is on focus. Secondary double edge
  sword to alter video when presented in court.

14
Home security direct connection to ISP

• Simple connection, attach computer to modem and
  you are on the Internet.
• About the limit of Level-1 support's ability.
• Problem, old school - simple firewalls are
  fairly easy to get across.
• Secure, upgrade or install Next Generation
  Firewall.
• Hardware vs. Software firewalls hardware
  physically inline first offers better defense.

15
Botnets The Dark Side of Cloud Computing. Not
all clouds are good.

• Botnets pose a serious threat to your network,
  your business, your partners and customers.
  Botnets rival the power of todays most powerful
  cloud computing platforms. These dark clouds,
  controlled by cybercriminals, are designed to
  silently infect your network. Left undetected,
  botnets borrow your network to serve malicious
  business interests.
• The cloud offers many benefits to businesses
  including lower capital operational
  expenditures related to hardware software
  ownership maintenance.
• On the other hand, cybercriminals control some of
  the most formidable cloud computing platforms in
  existence today. These dark for-profit cloud
  computing networks, known as botnets, can run
  millions of infected computers, called bots,
  which spread malware. Undetected, botnets can
  steal enough computing power to bring down your
  network and your business.
• www. sophos.com

16
Researchers Confirm Flashback Trojan Infects
600,000 Macs, Used For Click Fraud

• Kasperskys researchers reverse-engineered the
  Flashback malware and created a fake command and
  control server for collection of hijacked PCs,
  intercepting and analyzing their connections. As
  theyve detailed in a blog post, they were able
  to map out the machines locations 300,000 in
  the U.S., 95,000 in the Canada, 47,000 in the
  United Kingdom, and 42,000 in Australia, for
  instance.
• This is particularly concerning in that most
  Smart Devices run some form of a Linux
  Distribution operating system. The MAC OS is the
  BSD Linux distribution. The potential impact is
  that Smart Homes, Smart Grids and future Smart
  Devices will be penetrated more like the massive
  penetration of the Windows OS.

17
Cameras everywhere Invading or Aiding

• Soon the US will have as many cameras in its
  intersections and malls as the UK. Some consider
  this an invasion of privacy and I'd agree
  should the information collected be used
  improperly.
• Missing toddler found dead near home
• grim discovery was made after a volunteer
  launched a camera-equipped, radio-controlled
  airplane that captured images of red. Like the
  red of the shirt the missing boy was wearing in
  the corner of a pond.
• EquuSearch founder wants special master for
  deposition
• Miller is suing Casey Anthony for searches his
  group coordinated back in 2008 for Caylee
  Anthony.
• Use or Abuse of viable resources!

18
Human Trafficking2nd largest business on the
planet!Human trafficking now tied for second
place with the Gun trade, leaving Drugs as the 1
global industry.
19
Human Trafficking
Traffickers use technology every day to outsmart
law enforcement, non-profit organizations,
government agencies and concerned citizens around
the world. Human trafficking is a highly
lucrative business - the third largest organized
crime following drug and arms trafficking. It
is time that we take a collective stand against
this horrendous crime against humanity. If
traffickers can use technology to run their
illegal business, why can't we use it for good -
to thwart them and prevent human
trafficking? Human trafficking is being better
identified, more completely cataloged and is
growing daily.
20
Technology Use Among Human Traffickersand
Counter Human Traffickers

• With the use of online and mobile technology,
  trafficking of persons is even more difficult to
  identify because criminals exploit victims
  through technological means. Thus, law
  enforcement officers stipulate, sex trafficking
  itself has moved online.
• Unlike the flow of information on the Internet,
  domestic law enforcement are restricted by
  national boarders. Because of this, domestic law
  alone cannot suffice to thwart international
  criminal activity such as tracking via Internet
• Organizational efforts such as INTERPOL, the G8
  Sub-group on High-Tech Crime, the Virtual Global
  Taskforce, and the Internet Watch Foundation
  collaborate with international law enforcement
  agencies through the use of technology to share
  intelligence, information, and resources.
• Technology significantly contributes to
  collaboration with anti-trafficking efforts. It
  provides a common database for information
  sharing and creates an instantaneous way for
  agencies to communicate with one another to break
  down barriers of time and distance.
• A global problem with global support!

21
Child Family safetyChild Victims, 12.7, lt
3 yrs. old
22
Child Victim Demographics 2010

• From the Children Bureau
• www. acf.hhs.gov/programs/cb/stats_research/index
  .htmcan

23
Guard Child statisticswww. guardchild.com/stati
stics/

• 48 of young Americans from 1217 say theyve
  been in a car while the driver was texting.
• 71 of teen girls and 67 of boys who sent or
  posted sexually suggestive content say they sent
  it to a boyfriend or girlfriend.
• 70 of children 7 to 18 years old have
  accidentally encountered online pornography,
  often through a web search while doing homework.
• Girls are more likely than boys to be the target
  of cyber bullying.
• The largest group of Internet porn consumers is
  children ages 1217.
• 86 of girls claimed to be able to conduct online
  chats without their parents knowing,
• 57 could read their parents e-mail, and 54
  could conduct a cyber relationship.
• 20 of teenaged Internet users have been the
  target of an unwanted sexual solicitation
  (requests for sexual activities, chat, or
  information).
• 41 of unwanted sexual solicitations, 29 of
  unwanted exposure to sexual materials, and 31 of
  harassment occurred when children were online
  with their friends.
• We are expanding the classroom to Cloud based
  education which while on the school network is
  protected but there is NO means to control a
  Jail-Broke or Hacked or Rooted smart device.

24
Polaris ProjectOur vision is for a world
without slavery

• Polaris Project is a leading organization in the
  United States combating all forms of human
  trafficking and serving both U.S. citizens and
  foreign national victims, including men, women,
  and children. We use a holistic strategy, taking
  what we learn from our work with survivors and
  using it to guide the creation of long-term
  solutions.
• National Human Trafficking Resource Center
  hotline 1.888.3737.888
• Tools for Service Providers and Law Enforcement
• For resources and assessment tools built for
  professionals who encounter potential victims of
  trafficking.
• www. polarisproject.org/resources/tools-for-servic
  e-providers-and-law-enforcement

25
FBI info, April 2011

• Cyber Threats Against the Private Sector
• Cyber criminal threats to the U.S. result in
  significant economic losses. But the threat
  against financial institutions is only part of
  the problem. Serious concern are threats to
  critical infrastructure, the theft of
  intellectual property, and supply chain issues.
• Cyber Threats to U.S. Critical Infrastructure
• U.S. critical infrastructure faces a growing
  cyber threat due to advancements in the
  availability and sophistication of malicious
  software tools and the fact that new technologies
  raise new security issues that cannot always be
  addressed prior to adoption. The increasing
  automation of our critical infrastructures
  provides more cyber access points for adversaries
  to exploit.
• New smart grid and smart home products,
  designed to provide remote communication and
  control of devices in our homes, businesses, and
  critical infrastructures, must be developed and
  implemented in ways that will also provide
  protection from unauthorized use. Otherwise, each
  new device could become a doorway into our
  systems for adversaries to use for their own
  purposes.
• Industrial control systems, operate the physical
  processes of the nations pipelines, railroads,
  other critical infrastructures, are at elevated
  risk of cyber exploitation.

26
Eric Toth Added to Ten Most Wanted Fugitives List

• An alleged child pornographer is the newest
  addition to the FBIs Ten Most Wanted Fugitive
  List.
• Eric Justin Toth, also known as David Bussone, is
  a former private school teacher in Washington
  D.C. He is accused of possessing and producing
  child pornography.
• www. fbi.gov/news/news_blog/toth_041312?utm_campai
  gnemail-Immediateutm_mediumemailutm_sourceext
  rasutm_content87598

27
Global Fund for Women announces grant
opportunities

• The Global Fund for Women supports women's groups
  that advance the human rights of women and girls.
  The Global Fund for Women strengthens women's
  right groups based outside the United States by
  providing small, flexible, and timely grants
  ranging from 500 to 30,000 for operating and
  program expenses.
• The Global Fund for Women values local expertise
  and believe that women themselves know best how
  to determine their needs and propose solutions
  for lasting change.
• Below is the Grant application webpage.
• www. globalfundforwomen.org/apply-for-a-grant/

28
Spain to Use DNA database to Track Stolen Babies

• Spains government announced Thursday it will set
  up a DNA database to help track down thousands of
  babies allegedly stolen by nuns, priests and
  doctors since the Franco era.
• There are no clear numbers of the number of
  children who were snatched from their mothers
  during General Francisco Francos 1939-75
  dictatorship and up to the end of the 1980s.
• Estimates range from hundreds to tens of
  thousands of victims of a practice that began as
  a policy to remove children whose moral
  education was at risk and allegedly developed
  into financial trafficking.
• DNA finding lost children as well securing
  criminals away!
• http// english.alarabiya.net/articles/2012/04/12/
  207281.html

29
Today and Tomorrow
30
Cindy Crawford's Son Used as Cybercrime Bait

• Internet criminals have begun rigging Google
  Image results of the 11-year-old heartthrob to
  direct traffic to corrupt Web pages, the security
  firm Websense reports.
• This cyberscam is called a drive-by download.
  Unlike cybercrime ploys that require you to
  explicitly download attachments or enter your
  credit card info, drive-by downloads can infect
  your computer without your complicity or
  knowledge.
• Drive-by websites have been around for quite a
  while. They are just as destructive now as ever.
  They are designed to be illusive. Generally,
  whatever they are going to do is well on its way
  before you realize that you are involved in a
  drive-by website.

31
Google Image Poisoning Leadsto Exploit

• Google Image search returns poisoned pictures
  when searching on celebrity child "Presley
  Walker". We first found on Monday that all the
  image search results took users to a notorious
  exploit kit Neosploit. Later, it changed to
  redirecting users to rogue AV sites. As we
  publish this blog, the search results are still
  poisoned and are leading to Neosploit again.
• First step is to select the bait, then poison the
  bait, expose the bait and then let the sucker
  take the bait!
• http community.websense.com/blogs/securitylabs/ar
  chive/2011/04/21/presley-walker-google-image-searc
  h-results-poisoned.aspx

32
Draw A Stickman

• This is a display of how a website can interact
  with the user and the user's computer.
• As you follow the simple instructions you will
  effectively DRAW on the website which means
  that the website is monitoring the exact movement
  of your mouse!
• There is no reason why this code could not be
  altered to function in such a way that it would
  not be visible to the user.
• www. drawastickman.com

33
Predictions for 2012

• TARGETED ATTACKS GROW MORE DAMAGING AND COMPLEX
• The past two years have marked a breakthrough in
  incidents of targeted attacks that were made
  public. This is most likely due to hacktivist
  groups such as Anonymous and LulzSec as well as
  the rise of Advanced Persistent Threats (APTs)
  being used against commercial organizations. In
  the past year weve seen these kinds of attacks
  go to the next level, as large, global
  organizations and government agencies were
  attacked for commercial, political or military
  reasons.
• ILLICIT SOCIAL MEDIA SCAMS ESCALATE
• Social media has emerged as one of the primary
  ways for consumers and businesses to communicate,
  interact and share on the Web. Unfortunately
  these services are also magnets for
  cybercriminals.
• MOBILE MALWARE MENACES USERS AND ORGANIZATIONS
• In 2011, the most prolific cybercrime platforms,
  Zeus and Spyeye, developed malware for the
  Android platform in order to intercept the
  SMS-based security controls deployed by banks to
  protect their customers from banking Trojans.
  This is a good example of the constant cat and
  mouse game between the attackers and defenders.
  Android has become the most-targeted platform for
  malware, surpassing Symbian in the first half of
  2011. Another area of mobile malware that has
  just started to emerge includes the use of mobile
  devices as bots in the bot networks that are so
  widespread on desktop computers. As more
  devices/computers become networked, attackers
  will attempt to comprise these resources for
  their own use.
• www. m86security.com

34
Browser defense

• Ghostery is a good, free add-on, to your browser
  to identify and block hundreds of sources
  stealing browsing history or Personal information
  from your computer. This add-on will allow you to
  control a notification bubble which will identify
  each of the sources attempting to acquire your
  information.
• Ghostery is currently blocking 884 sites.
• www. ghostery.com
• Steven Gould's Cleanup program is a great way to
  clear iKaKa (Internet debris) from your computer.
  Steven provides the program as a free product.
• Save your login cookies via the Options section,
  run the program and what the performance of your
  computer increase.
• www. stevengould.org

35
SecureWorld Expo 2012 inclusions

• Comments from other sessions!
• Policies Procedures must compensate for BYOD
  and Personal Data on Smart Devices.
• Know what you want to put in the Cloud, classify
  your data.
• Encrypting everything is not the solution,
  isolate data from users.
• Policies Procedures must include steps like
  inspecting a device at anytime.
• Smart devices are much less structured and stable
  in design or software maturity than computers
  expect the worst.

36
Vendor references

• Powerful Online Privacy and Security With the
  Click of a Button.www. anonymizer.com
• Astaro Gateway (now owned by Sophos). Home (free)
  office equip.www. astaro.com/en-us/astaro-secur
  ity-gateway-version-comparison
• Choosing a next-generation firewall Vendor
  comparisonhttp// searchnetworking.techtarget.com
  /feature/Choosing-a-next-generation-firewall-Vendo
  r-comparison
• Keylogging Comparison Chartwww.
  keylogging.com/compare.htm
• Best Invisible Spy Software www.
  best-spy-soft.com/
• Monitoring software (comparison chart)http//
  monitoring-software-review.toptenreviews.com/

37
Family Safety resources

• Safe Internet Browsing for Parents www.
  sib4p.org
• Online predators Help minimize the riskwww.
  microsoft.com/security/family-safety/predators.asp
  x
• it's not a con a blog about security and online
  safetywww. itsnotacon.co.uk/

38
Child Safety resources

• Safe Internet Browsing for Kids www. sib4k.org
• DOJ Office for Victims of Crime www.
  ojp.usdoj.gov/ovc/publications/bulletins/internet_
  2_2001/welcome.html
• National Center for Missing and Exploited
  Children www. missingkids.com/missingkids/servlet
  /PublicHomeServlet?LanguageCountryen_US
• Crimes Against Children Research Center www.
  unh.edu/ccrc/
• Child Exploitation Enforcement www.
  justice.gov/usao/ma/childexploitation/
• Protect Every Child www. protecteverychild.org/ho
  me.php
• Kids Net Australia www. kids.net.au/
• Well Spring Living www. wellspringliving.org/
• Invisible Children www. invisiblechildren.com/