prismbreak
play

PRISMBREAK The value of online identities Frank Ackermann, November - PowerPoint PPT Presentation

May 18, 2023 •361 likes •819 views

PRISMBREAK The value of online identities Frank Ackermann, November 2013 disclaimer This talk is focused on security awareness. This talk does not contain proof of concepts, shell code, scripts or other in-depth technical details. The

  1. PRISMBREAK The value of online identities Frank Ackermann, November 2013

  2. disclaimer ● This talk is focused on security awareness. This talk does not contain proof of concepts, shell code, scripts or other in-depth technical details. ● The content of this talk does not reflect the opinion or security safety measures of current or former employers. ● The talk is not related to websites or toys. PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 2

  3. who am i ● My heraldic motto: “Security is not my job – it is my passion!” ● Working as an IT- and Information Security Specialist over a decade, focused on Security Management, Consulting and Architecture ● Living and working in Düsseldorf, Germany ● Contact: prism.break@gmx.de PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 3

  4. agenda ● The “PrismBreak”: Data gathering is becoming surveillance ● The “Value”: Identities are becoming one of the future currencies ● Conclusion PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 4

  5. spin doctors & motivators ● Identify theft and related fraud has increased ● #winebloggers ● Edward Snowden's awareness activity in June 2013 (→ 'Prism' Break) PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 5

  6. thesis I The PRISMBREAK Data gathering is becoming surveillance PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 6

  7. Prism Source: [2] PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 7

  8. Prism II Source: [2] PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 8

  9. not only Prism ... ● FBI decided to merge data to protect against and identify criminals ● Program name: Next Generation Identification ● Project submitted: June 2004 ● Merger of biometric- and classic data resources ● Details: fbi.gov/news/stories/2009/january/ngi_012609 – fbi.gov/about-us/cjis/fingerprints_biometrics/ngi/ngi2/ – PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 9

  10. commercial products ● “Glimmerglass develops and integrates fast and agile cyber solutions to derive actionable information from optical and electronic signals.” Source: [4] PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 10

  11. surveillance society ● Prism, Tempora, Xkeyscore, localization of mobile-users, automatic envelope-scanning, flight bookings, analyzing money-transactions... These are indicators of a surveillance society! ● Google Picasa offers user-tagging and face- recognition (→ face move → picture tagging) ● Giga-tagging (tagging and face-recognition) of large groups (e.g. football match) is widely used ● Facebook's photo tagging PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 11

  12. situation ● "We know what you're going to do tomorrow," Mark Greene, Fair Isaac's chief executive, told investors earlier this year ● "Data is good," Mr. Greene said in an interview. "The more data we have access to, the more insight we have." ● → Rating system based on predictive analysis and decision management PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 12

  13. history – isolated silos ● Data used to be in silos ● Private data, mostly non-electronic, was only shared in private forums ● Some data was transferred to companies Private data Private enterprise Military/Intelligence PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 13

  14. breakup of boundaries ● Data is shared and used for several purposes ● Companies get involved managing data (big data, platforms, cloud, ...) Private data Private enterprise Military / Intelligence PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 14

  15. affected future I ● Historical and present data affect future reactions ● Behavior and reactions are predicted ● "We know what you're going to do tomorrow" Private data Private enterprise Military / Intelligence PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 15

  16. affected future II ● Leigh Van Bryan, Jan 2012 'I'm going to destroy America and dig up Marilyn Monroe': British pair arrested in U.S. on terror charges over Twitter jokes ● Algorithms support analysis on potential future behavior PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 16

  17. conclusion thesis I ● Data gathering is supporting surveillance ● Indicators for a surveillance society are given ● Enterprises and agencies are verifying mechanisms to analyze and predict behavior PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 17

  18. thesis II The VALU E Identities are becoming one of the future currencies PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 18

  19. the value of an identity ● Information / Internet content stands on its own ● The content's value is influenced by the platform ● The value of this data can be enriched by the publishers-, producers or developers identity – e.g. news- and market-feed (financial) – e.g. product reviewer in a shopping-platform – e.g. political blogs or opinion-makers PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 19

  20. blog and identity ● *1997 weblog → *1999 we blog ● Log = leave track ● Examples: – Micro-blogging (e.g. Twitter, Facebook) – Online Journalism (e.g. news, weather) – Consumer generated advertising (e.g. Amazon- reviews, George Masters iPod adds, CokeLight/Mentos → www.eepybird.com) – Video- and audio blogging (e.g. YouTube) PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 20

  21. making money with blogs ● Spice up your income by adding – Affiliate marketing (per print/print-out, per lead, …) – Pay per click – Link-selling – Advertisement / banner to your blogs. ● Is it worth doing this? PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 21

  22. $$$ ● Examples – selbstaendig-im-netz.de stated 4-5K€ / month – blog.rankseller.de stated in their research that 13% of 2344 responders earned more then 1K€ / month – mongabay.com makes $15-18K / month – problogger.net made $250K in 2007 PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 22

  23. value of Facebook fan$ ● Syncape, April 2013: – 1 fan of a product ≥ $150 for product owner. – Value (of each products fan to a product) is reflected in the actions and interactions of each fan. – Social (and social networking) is a core marketing strategy PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 23

  24. interactions and values ● The value of an identity is linked to interaction with others ● Online interactions become more significant and visible/traceable – therefore interactions themselves become more valuable + A B A vs B - A B PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 24

  25. Amazon reviewer Hall of fame! Total Reviews Helpful Votes Percent Helpful PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 25

  26. content and usage I ● To produce value, content is created, shared and rated by other users Content User A Platform Tool Like Follow Rate User B PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 26

  27. content and usage II ● Platforms are supporting the rating, evaluation and analyzation of identities, behavior, content Platform Content Identity user A User A Vendor Employees Tool Rate Analyze identity and content of User B e.g. user A PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 27

  28. chances for business ● The golden years of digital processing and big data analysis have only just begun Source: [1] PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 28

  29. challenges for business I ● Breach of Sony's Network in April 2011 cost over EUR 120 million ● Some trends business is following – data driven R&D (involve customers in dev. & test) – selling and trading data as a new revenue stream – process automation (e.g. Oyster Card, London) – enhanced data analyzing of shared sources PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 29

  30. challenges for business II ● What is missing? – increase privacy control for users – display how the data is used (transparency) – build data-driven organizations, not IT ● Better security of data increases protection of identities and supports the sustainability and accuracy of data! PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 30

  31. attack surface I ● We still have a ton of vulnerabilities in our platforms and tools & issues with the basics! – Java → affects all web-platforms and tools like Tumblr, Twitter, Facebook – browser and browser-plugins – bloggers: WordPress & WordPress Plugins – web-content, links, XSS → advertising, fraud – internet and IPv4/v6 – local applications and installations including OS PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 31

  32. attack surface II tools & user knowledge & techniques activity #1 … growing … reaching #2 out for new features vulnerabilities & attackers PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OVERVIEW OF THE STOCHASTIC THEORY OF PORTFOLIOS IOANNIS KARATZAS Department of Mathematics,

OVERVIEW OF THE STOCHASTIC THEORY OF PORTFOLIOS IOANNIS KARATZAS Department of Mathematics,

OVERVIEW OF THE STOCHASTIC THEORY OF PORTFOLIOS IOANNIS KARATZAS Department of Mathematics, Columbia University, NY and INTECH Investment Technologies LLC, Princeton, NJ Talk at ICERM Workshop, Brown University June 2017 1 / 116 SYNOPSIS

1.38k views • 116 slides
BANK MARKETING ETING DATA ANALYSI SIS Instructor: Professor Soon Ae Chun Subject Name: BDA761

BANK MARKETING ETING DATA ANALYSI SIS Instructor: Professor Soon Ae Chun Subject Name: BDA761

12/17/2015 BANK MARKETING ETING DATA ANALYSI SIS Instructor: Professor Soon Ae Chun Subject Name: BDA761 Big Data Management in a Supercomputing Environment Date : 10 th Dec 2015 Student Name: Eun Jin Kwak BANK DATA ? Basic &

548 views • 7 slides
Full Spectrum Computer Network (Active) Defense Black hat USA 2013 Agenda Disclaimer

Full Spectrum Computer Network (Active) Defense Black hat USA 2013 Agenda Disclaimer

Legal Aspects of Full Spectrum Computer Network (Active) Defense Black hat USA 2013 Agenda Disclaimer Errata Self Defense in Physical World Applying Self Defense to Computer Network Defense Technology Pen Testing/Red

1.17k views • 82 slides
Key Escrow Key escrow system allows authorized third party to recover key Useful when

Key Escrow Key escrow system allows authorized third party to recover key Useful when

Key Escrow Key escrow system allows authorized third party to recover key Useful when keys belong to roles, such as system operator, rather than individuals Business: recovery of backup keys Law enforcement: recovery of keys

623 views • 23 slides
CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

source: computer-networks-webdesign.com CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu These slides are adapted from the textbook slides by J.F. Kurose and K.W. Ross Chapter 2: Application layer

1.29k views • 117 slides
CS/INFO 330 Java EE Technology Mirek Riedewald mirek@cs.cornell.edu (Based on Suns Java EE

CS/INFO 330 Java EE Technology Mirek Riedewald mirek@cs.cornell.edu (Based on Suns Java EE

CS/INFO 330 Java EE Technology Mirek Riedewald mirek@cs.cornell.edu (Based on Suns Java EE Tutorial) Resources Java EE tutorial http://java.sun.com/javaee/5/docs/tutorial/doc/ Java EE SDK API

661 views • 19 slides
Validity How to make sure your testing investment yields reliable How to make sure your testing

Validity How to make sure your testing investment yields reliable How to make sure your testing

Validity How to make sure your testing investment yields reliable How to make sure your testing investment yields reliable data (interactive panel with experts) D Daniel Burstein i l B t i B b K Bob Kemper Aaron Gray Eric Miller Interactive

755 views • 48 slides
Welcome! CONTENT MANAGEMENT & USABILITY / USS / UIT OU CAMPUS MEETING AND TRAINING Last Time

Welcome! CONTENT MANAGEMENT & USABILITY / USS / UIT OU CAMPUS MEETING AND TRAINING Last Time

CONTENT MANAGEMENT & USABILITY / USS / UIT OU CAMPUS MEETING AND TRAINING Welcome! CONTENT MANAGEMENT & USABILITY / USS / UIT OU CAMPUS MEETING AND TRAINING Last Time We Met: OU Campus v10 Upgrade Brand new, streamlined interface

548 views • 28 slides
Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the

Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the

Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the Pieces Together Web Server Browser Database HTML SQL Query CGI Results HTML Why Database-Generated Pages? Remote access to a database

796 views • 28 slides
CSE 440: Introduction to HCI User Interface Design, Prototyping, and Evaluation James Fogarty

CSE 440: Introduction to HCI User Interface Design, Prototyping, and Evaluation James Fogarty

CSE 440: Introduction to HCI User Interface Design, Prototyping, and Evaluation James Fogarty Lecture 05: Design Diamond Eunice Jun David Wang Elisabeth Chin Ravi Karkar Tuesday / Thursday 10:30 to 11:50 Quantity versus Quality One class

953 views • 71 slides
Media Resource Brokering Chris Boulton, Lorenzo Miniero draft-ietf-mediactrl-mrb-03 Changes

Media Resource Brokering Chris Boulton, Lorenzo Miniero draft-ietf-mediactrl-mrb-03 Changes

Media Resource Brokering Chris Boulton, Lorenzo Miniero draft-ietf-mediactrl-mrb-03 Changes since -02 Fixed several nits/typos Terminology and clarifications Added support for SIP 3xx response in IAMM An alternative to

412 views • 14 slides
Z Z E R M A I L matti.aarnio@sonera.fi 1

Z Z E R M A I L matti.aarnio@sonera.fi 1

ZMailer A Different Kind of MTA Z Z E R M A I L matti.aarnio@sonera.fi 1

957 views • 72 slides
Hackinggroup Python Workshop Part 2 A tale about dutch ducks with a fable for British

Hackinggroup Python Workshop Part 2 A tale about dutch ducks with a fable for British

Hackinggroup Python Workshop Part 2 A tale about dutch ducks with a fable for British comedy Thomas Kastner Michael Rodler 2012-12-16 Introduction Wer san ma denn? Michael Rodler aka f0rk, f0rki, f0rkmaster, Gabel, etc.

2.06k views • 59 slides
Social Innovation for the Generation Education as a Catalyst for Change in the

Social Innovation for the Generation Education as a Catalyst for Change in the

Social Innovation for the Generation Education as a Catalyst for Change in the 21st Century Lee Sharma, Simply Do Ideas & John Barker, Cardiff Metropolitan University @startuplee @johnbarker35 @simplydoideas

220 views • 21 slides
rela%onal model Relational Model A database consists of several tables (relations)

rela%onal model Relational Model A database consists of several tables (relations)

rela%onal model Relational Model A database consists of several tables (relations) Customer Account Depositor CustID Name Street City State AccountNum Balance CustID AccountNum

689 views • 22 slides
DeepJet Framework Swapneel Mehta, Mauro Verzetti, Jan Kieseler, Markus Stoye, Maurizio Pierini CMS

DeepJet Framework Swapneel Mehta, Mauro Verzetti, Jan Kieseler, Markus Stoye, Maurizio Pierini CMS

DeepJet Framework Swapneel Mehta, Mauro Verzetti, Jan Kieseler, Markus Stoye, Maurizio Pierini CMS Experiment, EP-CMG-PS CERN Machine Learning 1. Comprehensive libraries 2. Fantastic documentation 3. Interactive Tutorials 4. Developer

788 views • 32 slides
Daily C++ A ten minute talk on ten minute talks Barney Dellar April 2018 Canon Medical Research

Daily C++ A ten minute talk on ten minute talks Barney Dellar April 2018 Canon Medical Research

Daily C++ A ten minute talk on ten minute talks Barney Dellar April 2018 Canon Medical Research Europe Ltd. Canon Medical April 2018 2 Barney Dellar @branaby Canon Medical April 2018 3 Barney Dellar @branaby Agile April 2018 4

408 views • 18 slides
CSCI 144 - Introduction to Computer Science Instructor: John Goettsche Computer Science

CSCI 144 - Introduction to Computer Science Instructor: John Goettsche Computer Science

1 CSCI 144 - Introduction to Computer Science Instructor: John Goettsche Computer Science Department Pacific Lutheran University Spring 2018 Strings Strings name String name; ? name = Fred Flintstone ; Fred Flintstone

188 views • 6 slides
Dont Optimize my Queries; Optimize my Data! Julian Hyde DataEngConf NYC 2017/10/30

Dont Optimize my Queries; Optimize my Data! Julian Hyde DataEngConf NYC 2017/10/30

Dont Optimize my Queries; Optimize my Data! Julian Hyde DataEngConf NYC 2017/10/30 @julianhyde SQL Query planning Query federation OLAP Streaming Hadoop ASF member Original author of Apache Calcite PMC Apache Arrow, Calcite, Drill,

745 views • 49 slides
Structural Programming Course Content and Data Structures Introduction Vectors

Structural Programming Course Content and Data Structures Introduction Vectors

Structural Programming Course Content and Data Structures Introduction Vectors Objects Testing/Debugging Winter 2000 Methods Arrays Tracing Programs Searching CMPUT 102: Vectors and other Repetitions

557 views • 17 slides
Management Map NISC Webinar 5/23/2013 Barney Krucoff State of Maryland Geographic Information

Management Map NISC Webinar 5/23/2013 Barney Krucoff State of Maryland Geographic Information

The Many Flavors of OSPREY: Marylands Emergency Management Map NISC Webinar 5/23/2013 Barney Krucoff State of Maryland Geographic Information Officer & Situational Awareness Coordinator Department of Information Technology

335 views • 17 slides
ASTR 1120 Dark matter halo for galaxies REVIEW General Astronomy: Dark matter extends Stars

ASTR 1120 Dark matter halo for galaxies REVIEW General Astronomy: Dark matter extends Stars

ASTR 1120 Dark matter halo for galaxies REVIEW General Astronomy: Dark matter extends Stars & Galaxies beyond visible part of the galaxy -- mass is ~10x stars and gas! NNOUNCEMENTS Probably not normal mass that we know of

566 views • 10 slides
Chapter Eight: Regular Expression Applications Formal Language, chapter 8, slide 1 1 We have

Chapter Eight: Regular Expression Applications Formal Language, chapter 8, slide 1 1 We have

Chapter Eight: Regular Expression Applications Formal Language, chapter 8, slide 1 1 We have seen some of the implementation techniques related to DFAs and NFAs. These important techniques are like tricks of the programmer's trade,

510 views • 39 slides
for Web Applications 01 Introduction to Perl Alexandros Labrinidis University of Pittsburgh

for Web Applications 01 Introduction to Perl Alexandros Labrinidis University of Pittsburgh

CS 1520 / Fall 2012 Programming Languages for Web Applications 01 Introduction to Perl Alexandros Labrinidis University of Pittsburgh What is Perl n P ractical E xtraction and R eporting L anguage n 1987 n Larry Wall n roots in

810 views • 31 slides

More recommend