
PRISMBREAK: The value of online identities. Frank Ackermann, November 2013



  1. PRISMBREAK The value of online identities Frank Ackermann, November 2013

  2. disclaimer ● This talk is focused on security awareness. This talk does not contain proof of concepts, shell code, scripts or other in-depth technical details. ● The content of this talk does not reflect the opinion or security safety measures of current or former employers. ● The talk is not related to websites or toys. PrismBreak, Frank Ackermann, prism.break@gmx.de, November 2013 2

  3. who am i ● My heraldic motto: “Security is not my job – it is my passion!” ● Working as an IT and Information Security Specialist for over a decade, focused on Security Management, Consulting and Architecture ● Living and working in Düsseldorf, Germany ● Contact: prism.break@gmx.de

  4. agenda ● The “PrismBreak”: Data gathering is becoming surveillance ● The “Value”: Identities are becoming one of the future currencies ● Conclusion

  5. spin doctors & motivators ● Identity theft and related fraud have increased ● #winebloggers ● Edward Snowden's awareness activity in June 2013 (→ 'Prism' Break)

  6. thesis I: The PRISMBREAK. Data gathering is becoming surveillance

  7. Prism Source: [2]

  8. Prism II Source: [2]

  9. not only Prism ... ● FBI decided to merge data to protect against and identify criminals ● Program name: Next Generation Identification ● Project submitted: June 2004 ● Merger of biometric and classic data resources ● Details: – fbi.gov/news/stories/2009/january/ngi_012609 – fbi.gov/about-us/cjis/fingerprints_biometrics/ngi/ngi2/

  10. commercial products ● “Glimmerglass develops and integrates fast and agile cyber solutions to derive actionable information from optical and electronic signals.” Source: [4]

  11. surveillance society ● Prism, Tempora, Xkeyscore, localization of mobile-users, automatic envelope-scanning, flight bookings, analyzing money-transactions... These are indicators of a surveillance society! ● Google Picasa offers user-tagging and face-recognition (→ face move → picture tagging) ● Giga-tagging (tagging and face-recognition) of large groups (e.g. football match) is widely used ● Facebook's photo tagging

  12. situation ● "We know what you're going to do tomorrow," Mark Greene, Fair Isaac's chief executive, told investors earlier this year ● "Data is good," Mr. Greene said in an interview. "The more data we have access to, the more insight we have." ● → Rating system based on predictive analysis and decision management

  13. history – isolated silos ● Data used to be in silos ● Private data, mostly non-electronic, was only shared in private forums ● Some data was transferred to companies [Diagram: Private data, Private enterprise, Military/Intelligence]

  14. breakup of boundaries ● Data is shared and used for several purposes ● Companies get involved managing data (big data, platforms, cloud, ...) [Diagram: Private data, Private enterprise, Military/Intelligence]

  15. affected future I ● Historical and present data affect future reactions ● Behavior and reactions are predicted ● "We know what you're going to do tomorrow" [Diagram: Private data, Private enterprise, Military/Intelligence]

  16. affected future II ● Leigh Van Bryan, Jan 2012: 'I'm going to destroy America and dig up Marilyn Monroe': British pair arrested in U.S. on terror charges over Twitter jokes ● Algorithms support analysis of potential future behavior

  17. conclusion thesis I ● Data gathering is supporting surveillance ● Indicators for a surveillance society are given ● Enterprises and agencies are verifying mechanisms to analyze and predict behavior

  18. thesis II: The VALUE. Identities are becoming one of the future currencies

  19. the value of an identity ● Information / Internet content stands on its own ● The content's value is influenced by the platform ● The value of this data can be enriched by the publisher's, producer's or developer's identity – e.g. news- and market-feed (financial) – e.g. product reviewer in a shopping-platform – e.g. political blogs or opinion-makers

  20. blog and identity ● *1997 weblog → *1999 we blog ● Log = leave track ● Examples: – Micro-blogging (e.g. Twitter, Facebook) – Online Journalism (e.g. news, weather) – Consumer generated advertising (e.g. Amazon reviews, George Masters iPod ads, CokeLight/Mentos → www.eepybird.com) – Video and audio blogging (e.g. YouTube)

  21. making money with blogs ● Spice up your income by adding – Affiliate marketing (per print/print-out, per lead, …) – Pay per click – Link-selling – Advertisement / banner to your blogs. ● Is it worth doing this?

  22. $$$ ● Examples – selbstaendig-im-netz.de stated 4-5K€ / month – blog.rankseller.de stated in their research that 13% of 2344 responders earned more than 1K€ / month – mongabay.com makes $15-18K / month – problogger.net made $250K in 2007

  23. value of Facebook fan$ ● Syncapse, April 2013: – 1 fan of a product ≥ $150 for product owner. – Value (of each product's fan to a product) is reflected in the actions and interactions of each fan. – Social (and social networking) is a core marketing strategy

  24. interactions and values ● The value of an identity is linked to interaction with others ● Online interactions become more significant and visible/traceable – therefore interactions themselves become more valuable [Diagram: A and B, labelled "+", "A vs B" and "-"]

  25. Amazon reviewer Hall of fame! [Table screenshot; columns: Total Reviews, Helpful Votes, Percent Helpful]

  26. content and usage I ● To produce value, content is created, shared and rated by other users [Diagram: Content, User A, Platform, Tool, Like, Follow, Rate, User B]

  27. content and usage II ● Platforms are supporting the rating, evaluation and analysis of identities, behavior, content [Diagram: Platform, Content, Identity user A, User A, Vendor, Employees, Tool, Rate, Analyze identity and content of e.g. user A, User B]

  28. chances for business ● The golden years of digital processing and big data analysis have only just begun Source: [1]

  29. challenges for business I ● Breach of Sony's Network in April 2011 cost over EUR 120 million ● Some trends business is following – data driven R&D (involve customers in dev. & test) – selling and trading data as a new revenue stream – process automation (e.g. Oyster Card, London) – enhanced data analyzing of shared sources

  30. challenges for business II ● What is missing? – increase privacy control for users – display how the data is used (transparency) – build data-driven organizations, not IT ● Better security of data increases protection of identities and supports the sustainability and accuracy of data!

  31. attack surface I ● We still have a ton of vulnerabilities in our platforms and tools & issues with the basics! – Java → affects all web-platforms and tools like Tumblr, Twitter, Facebook – browser and browser-plugins – bloggers: WordPress & WordPress Plugins – web-content, links, XSS → advertising, fraud – internet and IPv4/v6 – local applications and installations including OS

  32. attack surface II [Diagram; labels as extracted: tools & user knowledge & techniques activity; #1 … growing … reaching #2 out for new features; vulnerabilities & attackers]
