ack
2. Bringing out or loss of data media
3. Mistake in sending data to outside
4. Insider Crime
5. Thoughtless leak on Social Networking Service
Human Error
Intentional
[Figure labels: Human, Targeted, DOS Attack, Mass Spam; Cracker Group, Individual; Particular Person, Particular Organization, Everyone]
zed.
machine.
Those are not accidental human errors, but sophisticated techniques to reduce human wariness.
ent
Why bring out? Why copy files on USB memory?
Overtime work at home
Sending big files to customers.
To convey files to stand-alone equipment.
Why do leaks happen?
Loss of USB memory and/or smartphone.
Attach a big strap to such small equipment.
Smartphones must be protected by passcode.
Make a Password Policy: how to make, share, and retire them.
Unguarded equipment
Left at initial setting/password.
Peeping from the side
Do not open your laptop and smart phone in crow
rom it.
Do not use old files again.
tachments.
But an email address is not easy to read.
Do not use unreliable methods
Broadcast mail with hiding receivers
ch
By personal belief and/or political reason
Wikileaks, etc.
ant.
Leak preceding official press release, etc.
Why write?
SNS (Social Network Services) seem like small networks of one's friends.
But SNS are actually worldwide and open.
In SNS, one can act almost anonymously.
But it is very easy to detect your identity from records of your anonymous account.
Boss's view: This info is important. / It is not important.
Subordinate's view: This info is important. / It is not important.
<Locked Door> This info is dealt with as property.
<Door of Rumor> This info is easy to be leaked.
<Free Door> This info remains neglected until analysis technology is invented.
<Glassed-In Door> This info is used without correct permission.
Deceit
attack Neglect
Configuration
[Figure: Wireless firmware update; wardriving, rootkitting]
Shows that more than 50% of APs are vulnerable
Weak passwords
[Figure: Wireless; "Use DNS server x.x.x.x"]
And worse: geographic spread!
Experiment Design
[Figure: three panels titled Reality, Attack and Experiment; labels include eBay, credentials, spoof, A, A1, A2, B]
Stay Safe
Think before you click and try to be mysterious when online