nym issa meeting
play

NYM ISSA MEETING Cellular Eavesdropping: an Evidence-based - PowerPoint PPT Presentation

Sep 16, 2023 •206 likes •533 views

NYM ISSA MEETING Cellular Eavesdropping: an Evidence-based Discussion 12 April 2011 Agenda Information Paths & The IA Security Gap Cellular & Security Eavesdropping Attack Vectors Protection Methods Information Paths On

  1. NYM ISSA MEETING Cellular Eavesdropping: an Evidence-based Discussion 12 April 2011

  2. Agenda • Information Paths & The IA Security Gap • Cellular & Security • Eavesdropping Attack Vectors • Protection Methods

  3. Information Paths On a transaction, from each party… • Executives 3 Primary • Boards Information Paths • Bankers • Lawyers • Consultants • Auditors

  4. Information Paths On a transaction, from each party… Physical • Executives • Boards • Bankers • Lawyers • Consultants $ • Face-to-face meetings • Auditors • Overnight couriers

  5. Information Paths On a transaction, from each party… Physical • Executives • Boards Data • Bankers • Lawyers • Consultants Equipment protection $$$ • Network protection • Auditors •

  6. Information Paths On a transaction, from each party… Physical • Executives • Boards Data • Bankers Voice • Lawyers • Consultants Landline protection ??? • Mobile protection • Auditors •

  7. Cellular & Security

  8. Typical Cell Call

  9. “Gates, guards and guns” Cellular Security Air link authentication and encryption

  10. Do You Need Additional Security? • How sensitive is your information shared on mobile calls? • As with any communications system, information value/confidentiality dictates the level of security solution required • AT&T Mobility and leading carriers around globe can support any level of mobile security – from normal use to the most sensitive information anywhere

  11. Eavesdropping Attack Vectors

  12. Eavesdropping Attack Vectors

  13. Tower Spoofing DefCon August 2010 – Las Vegas • Phone automatically connects to strongest signal rogue tower • “IMSI catcher” exploits authentication framework • Cost of attack reportedly $1,500, primarily RF equipment • “Bases station” code downloadable open source

  14. Voice Intercept Becoming Cheap and Easy Barriers/Costs to Attack Today Hackers Organized Any State Ethical or Otherwise Sponsored Crime Criminal Attacker Sophistication

  15. Phishing, Bots, Etc… Already Cheap and Easy Barriers/Costs to Attack Today Hackers Organized Any State Ethical or Otherwise Sponsored Crime Criminal Attacker Sophistication

  16. Tower Spoofing “Meganet's Dominator I snoops on four GSM convos at once, fits in your overnight bag” ~ Engaget http://www.youtube.com/meganetcorp#p/u/1/1eJ-WGpNQko

  17. Eavesdropping Attack Vectors

  18. Illegal Monitoring • Passive systems • Similar to analogue scanners

  19. What do they have in common?

  20. Eavesdropping Attack Vectors

  21. Unwanted Foreign Government Surveillance The Telegraph “Wiretapping is a widespread practice in Italy. Just this week it emerged that both Pope Benedict XVI and Hillary Clinton, the US secretary of state, had been inadvertently taped by Italian investigators.” 10 June 2010

  22. Eavesdropping Attack Vectors

  23. Hacker Exploits Vodafone, Ericsson Get Hung Up In Greece's Phone-Tap Scandal June 2006 The Athens Affair How some extremely smart hackers pulled off the most audacious cell-network break-in ever July 2007

  24. Hacker Exploits Chaos Computer Club December 2010 - Berlin • Exploit involves device targeting via Internet service and ‘broken’ SMS messaging technique • Cost of attack reportedly 10 Euros for each of 4 phones • Firmware downloadable open source

  25. Eavesdropping Attack Vectors

  26. 3 rd -Party App Exploits “KSL 5 Investigation: How your cell phone can be used against you”

  27. Eavesdropping Attack Vectors

  28. Access at Network Facility “The 2009 CSI Computer Crime Survey , probably one of the most respected reports covering insider threats, says insiders are responsible for 43 percent of malicious attacks. Twenty-five percent of respondents said that over 60 percent of their losses were due to nonmalicious actions by insiders. I've read many damage assessment reports stating that although insiders are responsible for fewer incidents than are outsiders, insider incidents usually result in more damage. Thus, the CSI data seems credible.” ~ InfoWorld

  29. Protection

  30. Encrypted Mobile Voice Fully integrated hardware, software and service solution from AT&T, SRA and KoolSpan

  31. Ideal For • Incident response • Investigations • Sensitive transactions • Physical safety • International travel • Untraceable information leaks MERK Includes • 10, 20 and 50 units kits • Fully configured • Security chip and app • Hosted infrastructure

  32. THANK YOU

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Social security development and migration key role of administrations The ISSA BRICS project

Social security development and migration key role of administrations The ISSA BRICS project

Promoting excellence in social security Social security development and migration key role of administrations The ISSA BRICS project BRICS 2 nd Labour and Employment Ministerial Meeting 27-28 September 2016, New Delhi, India www.issa.int

483 views • 27 slides
OVER 8800 MILES OF TRAILS SNOWDRIFTERS and the ISSA Iowa State Snowmobile Association James

OVER 8800 MILES OF TRAILS SNOWDRIFTERS and the ISSA Iowa State Snowmobile Association James

OVER 8800 MILES OF TRAILS SNOWDRIFTERS and the ISSA Iowa State Snowmobile Association James Willey, President SNOWDRIFTERS A 100% ISSA Snowmobile Club SNOWDRIFTERS A 100% ISSA Snowmobile Club THANK YOU! SNOWDRIFTERS A 100% ISSA Snowmobile

487 views • 34 slides
Extending causal inferences from a randomized trial to a target population Issa Dahabreh Center

Extending causal inferences from a randomized trial to a target population Issa Dahabreh Center

Extending causal inferences from a randomized trial to a target population Issa Dahabreh Center for Evidence Synthesis in Health, Brown University issa dahabreh@brown.edu January 16, 2019 Issa Dahabreh (Brown U.) Extending trial findings

679 views • 43 slides
From beyond gold to Vision Zero ISSA Construction Section Jean-Claude POIRIER

From beyond gold to Vision Zero ISSA Construction Section Jean-Claude POIRIER

Promoting and Developing Social Security Worldwide. ILO/ISSA International Safety and Health Conference, Challenges and Solutions in a Global Economy Global action for prevention Dsseldorf, Germany, 28-29 October 2015 Beyond Gold Best

166 views • 12 slides
N etwork safeguards are the first protec- tion barrier of IT sys- tem resources against

N etwork safeguards are the first protec- tion barrier of IT sys- tem resources against

ISSA Journal | October 2007 ISSA The Global Voice of Information Security The Principles of Network Security Design By Mariusz Stawowski Deployment of an effective and scalable network security system requires proper designing

320 views • 3 slides
Unde rsta nding the HRI S RF P Pro c e ss L issa Ca rro ll, CHRO T he Arc E rie Co

Unde rsta nding the HRI S RF P Pro c e ss L issa Ca rro ll, CHRO T he Arc E rie Co

Unde rsta nding the HRI S RF P Pro c e ss L issa Ca rro ll, CHRO T he Arc E rie Co unty Ne w Yo rk RF P = Re que st for Proposa l RF P also = Roadmap Outline for Obje c tive s Ne e ds Asse ssme nt Se le c tion

379 views • 18 slides
Cyberwar: How Worried Should We Be? Austin ISSA Dr. Bill Young Department of Computer Science

Cyberwar: How Worried Should We Be? Austin ISSA Dr. Bill Young Department of Computer Science

Cyberwar: How Worried Should We Be? Austin ISSA Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: May 8, 2013 at 17:09 Dr. Bill Young: 1 Austin ISSA, May 9, 2013 From the Headlines Pentagon accuses

724 views • 34 slides
Data Privacy Security Breach Exercise ISSA Meeting January 21, 2016 Purpose Provide a forum

Data Privacy Security Breach Exercise ISSA Meeting January 21, 2016 Purpose Provide a forum

Data Privacy Security Breach Exercise ISSA Meeting January 21, 2016 Purpose Provide a forum to discuss privacy security data incident/event issues Discuss how best to respond in the event of a privacy incident and learn from the

723 views • 54 slides
(SCP) R EGULATIONS : B ACKGROUND , I MPLEMENTING R EGULATIONS , A DMINISTRATIVE P ROCESS , AND I

(SCP) R EGULATIONS : B ACKGROUND , I MPLEMENTING R EGULATIONS , A DMINISTRATIVE P ROCESS , AND I

C ALIFORNIA S AFER C ONSUMER P RODUCTS (SCP) R EGULATIONS : B ACKGROUND , I MPLEMENTING R EGULATIONS , A DMINISTRATIVE P ROCESS , AND I MPLICATIONS FOR ISSA M EMBERS A Presentation at the ISSA Forum Hyatt Regency Crystal City, Arlington, Virginia

516 views • 30 slides
Similarities between College Students and Eusocial Insects Introduction Solange Issa, Ph.D.

Similarities between College Students and Eusocial Insects Introduction Solange Issa, Ph.D.

Similarities between College Students and Eusocial Insects Introduction Solange Issa, Ph.D. Full Professor of Biology, Simn Bolvar University, Dean of Professional Studies Natesha Smith, Ph.D., Adjunct Faculty in Student Affairs

336 views • 8 slides
Phosphorus Recovery from Incinerated Sewage Sludge Ash (ISSA) and Turn into Phosphate Fertilizer

Phosphorus Recovery from Incinerated Sewage Sludge Ash (ISSA) and Turn into Phosphate Fertilizer

The Hong Kong Polytechnic University Phosphorus Recovery from Incinerated Sewage Sludge Ash (ISSA) and Turn into Phosphate Fertilizer Student :Le FANG Supervisor: C. S. POON ----June. 2018 Contents Background and motivation

799 views • 25 slides
Whole-life Approach to Prevention Culture ILO-ISSA Conference on Challenges and Solutions in a

Whole-life Approach to Prevention Culture ILO-ISSA Conference on Challenges and Solutions in a

Whole-life Approach to Prevention Culture ILO-ISSA Conference on Challenges and Solutions in a Global Economy 29. October 2015, A&A Julia Flintrop, EU-OSHA Safety and health at work is everyones concern. Its good for you. Its good

151 views • 11 slides
Boost Your ROI with Marketing Automation and Analytics sponsored by ISSA Young Executive Society

Boost Your ROI with Marketing Automation and Analytics sponsored by ISSA Young Executive Society

Boost Your ROI with Marketing Automation and Analytics sponsored by ISSA Young Executive Society Mon. September 11 | 3:00 PM - 3:45 PM | N107 Debbie Sardone Business Consultant Author Speaker Nonprofit Founder

648 views • 7 slides
Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters Its a Cloudy Day British Columbia

Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters Its a Cloudy Day British Columbia

Vancouver SecSig, (ISC)2, and ISSA Vancouver Chapters Its a Cloudy Day British Columbia January 2 1 , 2 0 1 5 Welcome Agenda Time Topic Speaker 8:30 8:45 Welcome & Review Days Agenda Glen Bruce 8:45 9:15 ISO 27000

178 views • 15 slides
EXTRACTING ATTACK SCENARIOS USING INTRUSION SEMANTICS Sherif Saad, Issa Traore Information

EXTRACTING ATTACK SCENARIOS USING INTRUSION SEMANTICS Sherif Saad, Issa Traore Information

EXTRACTING ATTACK SCENARIOS USING INTRUSION SEMANTICS Sherif Saad, Issa Traore Information Security and Object Technology Lab University of Victoria ECE Department 5 th FPS 2012 Overview 2 Introduction Related Work Approach

946 views • 21 slides
Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information

Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information

Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information Security and Object T echnology (ISOT) Lab http://www.isot.ece.uvic.ca 1 Agenda Introduction Applications Requirements Biometric

268 views • 16 slides
Using Sensitive Information on Android Based Smartphone Romkevan Dijk Android 6: To what extent

Using Sensitive Information on Android Based Smartphone Romkevan Dijk Android 6: To what extent

Using Sensitive Information on Android Based Smartphone Romkevan Dijk Android 6: To what extent is sensitive information protected? RQ2 & RQ3 RQ1 Androids security features Requirements Methodology RQ4 Sensitive information

811 views • 33 slides
Admissibility of Evidence from Social Media and Eavesdropping; Liability to Child Rep in

Admissibility of Evidence from Social Media and Eavesdropping; Liability to Child Rep in

Admissibility of Evidence from Social Media and Eavesdropping; Liability to Child Rep in Disclosing Unlawfully Obtained Information Most popular forms of Social Media FACEBOOK INSTAGRAM SNAPCHAT TWITTER LINKEDIN WhatsApp

502 views • 17 slides
Cas Casa a Blan Blanca ca Board of Directors Meeting April 14, 2016 Agenda Roll Call Old

Cas Casa a Blan Blanca ca Board of Directors Meeting April 14, 2016 Agenda Roll Call Old

Cas Casa a Blan Blanca ca Board of Directors Meeting April 14, 2016 Agenda Roll Call Old Business I. XI. Call Meeting to Order - Quorum determined Lighthouse Contract II. I. Motion to Excuse Absent Directors XII. New Business III.

461 views • 34 slides
Shenango o Township Lawrence County, , Pennsylvania ia Shenango Township Lawrence County

Shenango o Township Lawrence County, , Pennsylvania ia Shenango Township Lawrence County

Shenango o Township Lawrence County, , Pennsylvania ia Shenango Township Lawrence County Mission Statement 1 Meeting Schedule

1.44k views • 108 slides
Fault-Tolerant and Secure Data Transmission Using Random Linear Network Coding Pouya Ostovari

Fault-Tolerant and Secure Data Transmission Using Random Linear Network Coding Pouya Ostovari

Fault-Tolerant and Secure Data Transmission Using Random Linear Network Coding Pouya Ostovari and Jie Wu Computer & Information Sciences Temple University Center for Networked Computing http://www.cnc.temple.edu Agenda Introduction

398 views • 19 slides
Extending ISO/IEC 14443 Type A Eavesdropping Range using Higher Harmonics Maximilian Engelhardt 1

Extending ISO/IEC 14443 Type A Eavesdropping Range using Higher Harmonics Maximilian Engelhardt 1

Extending ISO/IEC 14443 Type A Eavesdropping Range using Higher Harmonics Maximilian Engelhardt 1 , Florian Pfeiffer 2 , Klaus Finkenzeller 3 , Erwin Biebl 1 1 Fachgebiet Hchstfrequenztechnik - Technische Universitt Mnchen 2 perisens GmbH 3

379 views • 19 slides
Secure Robust Resource Allocation in the Presence of Active Eavesdroppers using Full-Duplex

Secure Robust Resource Allocation in the Presence of Active Eavesdroppers using Full-Duplex

Secure Robust Resource Allocation in the Presence of Active Eavesdroppers using Full-Duplex Receivers VTC Fall 2015, Boston, USA M. R. Abedi, Modares University, Iran N. Mokari, Modares Univrsity, Iran H. Saeedi, Modars University, Iran H.

821 views • 18 slides
Virtual Public Networks (VPuN) Arjuna Sathiaseelan Computer Laboratory Digital divide and

Virtual Public Networks (VPuN) Arjuna Sathiaseelan Computer Laboratory Digital divide and

Virtual Public Networks (VPuN) Arjuna Sathiaseelan Computer Laboratory Digital divide and affordability @ the developed world (Source: Analysys Mason, 2013) UK statistics show almost half of the UKs adult

183 views • 14 slides

More recommend