How big is your shadow?

Launch night presentation from Digital Shadows at London's Innovation Warehouse, 3 August 2011. Digital Shadows protects organisations from targeted attacks by reducing their exposure to hostile reconnaissance.
![Page 1: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/1.jpg)
How big is your shadow?
03 August 2011
The Innovation Warehouse, London
![Page 2: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/2.jpg)
Agenda
• Introductions
• What is a digital shadow?
• What are the implications?
• How do you regain control?
• Q&A
![Page 3: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/3.jpg)
Q: What is a digital shadow?
For an organisation this may include:
• Technical information, e.g.
– Server names
– Server locations
– Software versions
• Organisation information, e.g.
– Locations
– Organisation structure
– Security practices
• Personal information, e.g.
– Employee movements
– Friends
– Interests
A: The trail left by an entity's interactions with the Internet
![Page 4: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/4.jpg)
A real example of a digital shadow
This visualisation was produced by one of the visualisation tools we use
Each node represents a data item discoverable from the Internet about an organisation
![Page 5: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/5.jpg)
“Sharing is growing at an exponential rate”
Mark Zuckerberg, CEO, Facebook, July 2011
• Over 30 billion pieces of content (links, notes, photos, etc.) are shared on Facebook per month [source: Mashable]
![Page 6: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/6.jpg)
And it’s not just Facebook…
Sources used for information sharing online
![Page 7: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/7.jpg)
It’s definitely not just Facebook…
Source: theconversationprism.com
![Page 8: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/8.jpg)
The evolving Internet is a real force for good
• We can collaborate and self-organise for the common good
– Haiti earthquake response: OpenStreetMap was critical in co-ordinating the relief effort
– Arab Spring: use of social media has been a factor in the social revolution in the Middle East
• We can share knowledge and experiences in ways hitherto impossible
• We are fully in favour of the social web!
![Page 9: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/9.jpg)
Some interesting statistics
• Our own research indicates 72% of employees divulge information online that could be used in a targeted attack
[Bar chart: How people use Facebook. Categories: accepted a Facebook friend request from 'Freddi the frog'; disclose their friends list; reveal educational establishments; reveal their employer; disclose their interests; disclose their location; have never checked their Facebook privacy settings. Values shown on the chart: 41%, 95%, 58%, 42%, 35%, 19%, 65%. Sources: Sophos, Max Planck Institute, Facebook]
![Page 10: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/10.jpg)
Hostile reconnaissance
• 90% of the time a hacker spends is on reconnaissance (CEH)
• 200% increase in targeted attacks (Cisco 2011)

| The risks | Misadventure | Attackers' objective |
|---|---|---|
| Helpdesk coercion | Accidental leaks | Defacement |
| 'Spear phishing' | Privacy gap on social media | DDoS |
| Impersonation and infiltration | Lack of acceptable use policy | Network compromise |
| Domain squatting | Overshare | Data leakage |
| Procedure compromise | False sense of security | Fraud |

The risks are evolving with the Internet…
![Page 11: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/11.jpg)
Risk area: hackers' tools and techniques
• 1623 Google search terms used to identify:
– sensitive documents,
– accidental leaks,
– misconfigured software and much, much more…
– enabled by tools
• Footprinting security research tools (example: Paterva Maltego)
• APIs – attackers use them for data mining the social web
• Specialist search engines now available for vulnerability scanning
![Page 12: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/12.jpg)
Risk area: social engineering/coercion
Helpdesk: Hello, IT.. Have you tried turning it off and on again?
Caller: I seem to have forgotten my password! I need to get to my files right now!
Helpdesk: Certainly, I need you to answer a few security questions first.
Caller: OK, fire away!
Helpdesk: OK Mr Rhenholm, what's your telephone extension?
Caller: Sure, that's 98-1234
Helpdesk: Date of birth?
Caller: Ahem, well that's.. 1st April 1970
Helpdesk: Name of line manager?
Caller: That would be Renholm Snr.
Helpdesk: Thank you Sir, your password is reset. It's £Wednesday1970
Caller: Thank you! Good bye!
![Page 13: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/13.jpg)
Risk Area: social engineering/coercion
1. Extension on a leaked telephone list
2. LinkedIn provided line manager details
3. Ancestry.co.uk provided a birthdate for Mr Manager of East Croydon

• Attacker later looked at the 'technical shadow' to locate a remote email access point for Reynholm Industries
• Also, once the password format is known, it's much easier to brute force for other users
![Page 14: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/14.jpg)
Risk area: a targeted ‘spear phishing’ attack
"The first thing actors like those behind [the attack on RSA] do is seek publicly available information about specific employees – social media sites are always a favorite… You don't bother to just simply hack the organisation and its infrastructure; you focus much more of your attention on hacking the employees." – The RSA blog
![Page 15: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/15.jpg)
Example: Tibetan human rights group attack
Source: infowar-monitor.net
Organisation information
– Already obtained?
Personal information
– Already obtained?
Technical information
– The link would have collected the technical shadow: MS Office, Flash, Adobe Acrobat, browser, etc.
– Near-guarantees the success of a future attack
![Page 16: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/16.jpg)
We need a solution...
So what should be done to address these risks?
![Page 17: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/17.jpg)
Five practical steps
1. Continue existing security programmes ✔
2. Monitor your shadow
3. Set helpful guidelines
4. Clean up your shadow
5. Know your foe
![Page 18: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/18.jpg)
Step 4: Clean up your shadow

| Publisher | Company | Employee | Friendly 3rd party | Neutral 3rd party | Hostile 3rd party |
|---|---|---|---|---|---|
| Remedy | Easy – just remove it | Polite observation | Polite observation | Formal communication | Legal action / drown out |
| Cost | Free | £ | £ | ££ | £££ |
![Page 19: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/19.jpg)
Our specialist services
Risk Assessment, VIP Protect and Organisation Monitoring, mapped against the five practical steps:
1. Continue existing security programmes
2. Monitor your shadow
3. Set helpful guidelines
4. Clean up your shadow
5. Know your foe
![Page 20: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/20.jpg)
A typical engagement
![Page 21: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/21.jpg)
Conclusion
• Your digital shadow is not benign
• We can help you regain control
• This is a job for specialists

Protecting organisations from hostile reconnaissance and targeted cyber attacks
![Page 22: How big is your shadow?](https://reader033.vdocuments.us/reader033/viewer/2022061117/54577308af7959795d8b4fc3/html5/thumbnails/22.jpg)
Digital Shadows Ltd
145-157 St John Street
London
EC1V 4PY
United Kingdom
+44 (0)208 123 7894
Digital Shadows Ltd is registered in England and Wales under No: 7637356. Registered office: 53 Gildredge Road, Eastbourne, East Sussex, BN21 4SF
Copyright 2011 Digital Shadows Ltd. ALL RIGHTS RESERVED.