Personal Identity Theft in the Web-based Business World Presenter – Rick Weatherspoon Xtreme Computing, LLC
Agenda • Definition of ID Theft • ID Theft Statistics • Business Losses • Types of Web-based ID Theft • Hacking & Attacking • Phishing • WarXing/War Driving • ID Theft Reporting • Questions
Identity Theft Definition • The Deliberate Assumption of Another Person's Identity, Usually to Gain Access to their Finances, or Frame Them for a Crime
ID Theft Statistics (National) • Fastest Growing Crime in US • U.S. Identity Fraud Crimes now total $52.6 Billion Annually * • Per-Victim Total of $5,686 • Affects Roughly 9.3 Million Individuals in US Yearly * Source – 2005 Study by Javelin Strategy & Research
ID Theft Statistics (State) • 5,464 Complaints Filed in Washington State (2004) • Washington State Ranks within the Top 10 (8th) • Complaints Rose 20% More than in 2003
ID Theft Statistics (County) * Source – Walla Walla Police Department; May 2006
ID Theft Statistics (City) * Source – Walla Walla Police Department; May 2006
Business Losses Due to ID Theft • Between May 2004 and May 2005, 1.5 Million Computer Users Lost $929 Million on ONLY Phishing Scams • US Businesses Lose an Estimated $2 Billion Per Year on Clients who are Victims • Businesses Lose an Average of $4,800 per Victim * *Source – Washington State AGO Identity Theft Advisory Panel; January 2006
Types of Web-based ID Theft • Hacking & Attacking • Phishing • WarXing/War Driving
Web-based Hacking & Attacking • Authentication Hacking • Browsing • Cookie Theft • Session Hijacking • Network Sniffers • Password Cracking • Dictionary Attacks • Google Hacking • SQL Injection • Directory Traversal
Phishing • Attempts to Fraudulently Acquire Sensitive Consumer Info Via False Web Pages, Emails, IMs, FAX, VOIP • Term Arises from Using Sophisticated Lures to “Fish” for Consumer’s Financial Data & Passwords • Recently Targeting Banks, Online Payment Services, IRS Letters • Common Tricks Include Misspelled URLs, use of SubDomains, Altering Address Bars, Cross Site Scripting • Recent Scam Left Voice Messages to Call Bank with Account & PIN Numbers over a VOIP Network
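The URL tricks listed on this slide (misspelled URLs, use of subdomains, altered address bars) can be checked for mechanically before a link is trusted. The sketch below is an added example, not part of the original presentation: the `TRUSTED` allowlist, the "last two labels" shortcut for the registered domain, and the sample links in the comments are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the domains the business really uses (hypothetical allowlist).
TRUSTED = {"citibank.com"}

def edit_distance(a, b):
    """Edit distance that counts an adjacent-letter swap as one change."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(url):
    """Label the host a link really points at, ignoring what it displays."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"  # e.g. a trusted name placed before '@' as a decoy
    except ValueError:
        pass
    labels = host.split(".")
    # Simplification: registered domain = last two labels. Production code
    # should consult the Public Suffix List instead.
    registered = ".".join(labels[-2:])
    if registered in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if good.split(".")[0] in labels[:-2]:
            return "brand-in-subdomain"   # brand name used as a subdomain
        if edit_distance(registered, good) <= 2:
            return "misspelled-domain"    # near miss of a trusted domain
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from the presentation.
    for link in ("https://online.citibank.com/signin",
                 "http://citibank.com.account-verify.example/login",
                 "http://www.citibnak.com/",
                 "http://www.citibank.com@203.0.113.5/login"):
        print(f"{classify(link):20} {link}")
```

A mail gateway or proxy can apply the same classification to the `href` target of a link rather than to its visible text, since the two often differ in phishing messages.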
Citibank Phishing Source • Search with Whois Utility:
IP : 219.148.0.0 - 219.148.159.255
netname: CHINATELECOM-he
descr: CHINANET hebei province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
mnt-by: MAINT-CHINANET
changed: hostmaster@ns.chinanet.cn.net 20030820
source: APNIC
WarXing/War Driving • Searching for Wireless Networks and Access Points by Moving Vehicle/Bike (WLAN, WiFi HotSpots) • Captures Information Packets with WiFi-based equipment (Laptop/PDA) • Software Freely Available to Monitor, Capture, and Analyze Clear Text and Encrypted Data (NetStumbler, AirSnort, WEPCracker, etc.) • Majority of Wireless Networks Use Default Settings (SSIDs, Passwords, Encryption Keys, etc.) • Legality of War Driving Not Clearly Defined in the US
Reporting of ID Theft
• FBI/Internet Fraud Complaint Center: 1.800.251.3221, www.ifccfbi.gov
• Federal Trade Commission: 1.877.438.4338, www.consumer.gov/idtheft/
• Internet Crime Complaint Center: www.ic3.gov/complaint
• Washington State Attorney General: atg.wa.gov/consumer/idprivacy/index.shtml
• Walla Walla Police Department – Investigations: 509.527.4434
Questions? www.xtremecomputing.us/briefings.html