
Case 216: The Incident That Brought Us Together

Explore the timeline, observations, and the need for data security in Case 216. Understand the importance of securing scientific data and address the question of whether attacks have diminished. Learn from high-profile incidents and gather insights to improve security posture.

kcross

Presentation Transcript


  1. Case 216: The Incident That Brought Us Together • December 12, 2005 • Jim Barlow, NCSA and Victor Hazlewood, SDSC

  2. Outline • Case 216 Overview • Timeline • Intruder infrastructure • Observations • Why are we here today? • Data Security • Why do we need to worry? • Conclusion

  3. Timeline • Aug 03: First known related attack • Oct 03 – Dec 03: BNL, Caltech, and Colorado • Mar 04: Berkeley, LBL, NCAR, ANL, NCSA, SDSC • Apr 04: Stanford, Intruder email, SDSC (Tsutomo website), Spafford comments to NSF, CIAC Note to FIRST, News coverage: AP and Washington Post, SDSC begins trace

  4. Timeline • May 04: UMN and CMU sniff intruder, SDSC home directories wiped, password collector discovered at Colorado, DOE incidents, notice to Internet2 goes unnoticed, Big Company incident, NCSA honeypot set, Jim and Victor become partners of a sort • June 04 – Nov 04: password collector and intruder hub move to numerous places, intruder infrastructure changes multiple times, amazing cooperation between sites and with LE, possible perpetrator identified

  5. Timeline • Dec 04 - May 05 • Contact made with Swedish authorities • Luckily, Swedish sites are also victims • FBI notifies Swedish authorities of individual involved • Swedes serve search warrant on teenager • Monitored intruder activity stops for first time in over a year

  6. Intruder Infrastructure • Infrastructure Diagram

  7. Observations • Intruder gets a B- rating • Intruder misses/ignores lots of items • Had the potential to be much more effective (and dangerous) • Never appeared to make the money jump

  8. Why are we here today? • What has changed from last year? • Have attacks gone away? • Already seen similar attack methods • Are we all completely secure? • How do we get from here to there? • Last year’s meeting. See final report* • This year’s meeting. Theme: Data Security

  9. 2005 – The year of the data breach • Two data security incidents per week • Ranges from hacking to stolen machines • Sites tracking incidents • privacyrights.org – 95 incidents since Feb 15 • idtheftcenter.org – 125 from Jan to early Nov • attrition.org – 100+ reports this year • High profile incidents • ChoicePoint • Iron Mountain storage company

  10. Data Breaches

  11. Why Should We Worry? • Scientific data is valuable • Who would want it? • Titan Rain incident • Competing researchers • “Fictitious” incident • Not just external threats • Protect users from each other • Informal survey of six HPC sites • Strict guidelines can cause other problems

  12. Other Questions to Ponder • Who is using our resources? • Where are our crown jewels? • What is the goal of security?

  13. Conclusion • Goals of breakout sessions and conference • Sharing of information and ideas • Understanding our community's diverse perspectives • Discuss our community's strengths and weaknesses • Identify our community security needs • How do we improve our posture? • How can the NSF help?
