WHY HACKERS HACK?
• For material benefits
• For status
• For vengeance (justice?)
• For fun
• For nothing
• For goodness
Photo from Google
WHAT HACKERS DO
• White hat, black hat
• Targeted or for all
• Security exploits
• From virus to malware
• Social engineering: phishing, baiting
• Botnets
• DDOS
• From PC to mobile
DAILY BAD NEWS
IT CAN BE WORSE: STUXNET (2010)
Graphic from
IEEE Spectrum
STUXNET
• Targeting critical infrastructure
• State-backed (American and Israeli intelligence)
• Targeting Iranian nuclear facilities
• Spread via Microsoft Windows
• Targets Siemens industrial control systems – controlling, monitoring these systems
• Spread via malware or by infiltration with a loaded USB stick
WHO IS HE?
• Born June 21, 1983
• High school dropout
• Worked for NSA, then CIA, then employed by subcontractor Booz Allen Hamilton, working in NSA again
• Salary: roughly US$200,000 ("took a pay cut to get back in NSA")
• Lived in Hawaii before coming to Hong Kong on May 20, 2013
• Left Hong Kong for Moscow, Russia on June 23, 2013
FIRST, IT WAS VERIZON…
• First revealed by the Guardian (UK): the NSA was granted a court order under FISA (Foreign Intelligence Surveillance Act) giving it unlimited access to Verizon phone data
• Is it "legal"?
AND THEN, THERE WAS PRISM
• A "clandestine mass electronic surveillance data mining program" since 2007, after the passage of the "Protect America Act" under the Bush administration
• PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic acquired under FISA section 702 authority
MORE OF SNOWDEN’S REVELATIONS
• More secret programs to be revealed…
• 4 surveillance programs (US)
  • MAINWAY
  • MARINA
  • NUCLEON
  • PRISM
• Collecting and analyzing metadata on the internet (e.g. emails) and telecom (e.g. call logs)
• Other released programs
  • Evil Olive – broadening the scope of data collecting
  • Shell Trumpet – another similar program revealed
• The EU and its allies were among the top targets
WHAT ABOUT OTHER COUNTRIES?
• Britain – Tempora (sharing information with the US)
• France – "collects signals from devices in France, and communications abroad"
• Germany – Providing intercepted data to the NSA
• Russia – SORM, another surveillance program
• China?
• Others?
SNOWDEN ON HONG KONG
• Why did he choose to come to Hong Kong?
• He told SCMP:
  • Hacking into computers/servers in HK and China
  • At least several hundred times (>61,000 times globally)
  • University, public officials, students, businesses
  • Undersea cables
WORK IN COUNCIL
- June 15 rally outside USCG
- June 19: follow-up on urgent oral question; amendment passed on "building a safe city"; adjournment motion debate on cyber security
- Letter to CE, Security Bureau and PCPD
- June 26: Written question on government response
- Forum on Infosec with security professionals
- July 17: Amendment on motion debate
THE DEMANDS
• Seeking response from the US government
• HKSARG sent a letter to the US government on June 21 – no answer
• Concrete measures to improve information security and the awareness of local users and SMEs
• Revive the Interdepartmental Working Group on Computer-Related Crime to review and propose new cross-departmental measures
GOVERNMENT’S RESPONSE
• No problem, it’s all fine – "we are not aware of any problems"
• Repeating:
  • OGCIO’s infosec website
  • HKCERT
  • Police’s Cyber Security Center
• Interdepartmental WG on cyber security? No.
• Everything is fine. Really.
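Why care only about politicizing the issue?
Original article: "All Crows Under Heaven Are Equally Black: How to Balance National Security, Personal Privacy and Freedom of Communication"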
http://rthk.hk/mediadigest/20130715_76_123001.html
What are the implications?
WHAT NEXT?
• The US or other governments can view almost everything they want
• Can we still trust the Internet and cloud computing?
• Brazil’s President is pushing new legislation to force Internet providers to store data gathered in Brazil locally
• But is it practicable?
Brazilian President
Dilma Rousseff
IS FISA JUST AND FAIR?
FISA (Foreign Intelligence Surveillance Act)
• Repeatedly enforced after the 9/11 attacks
• Said to be for monitoring foreign threats in the US
• But the truth is that it allows surveillance on global citizens, and even Americans
IS FISA JUST AND FAIR?
• The United Nations Human Rights Commission recently discussed regulating the use of surveillance technology on global citizens
• Suggested advancing international human rights obligations on privacy
WHAT SHOULD WE DO?
• World class information security capabilities in HK
• Highest density of CISSPs in the world
• SMEs and individuals do not appreciate the importance of information security
• Education
• Protection from "basic hacking" as a start
• Set targets to reduce botnets?
• Legal or regulatory measures?
Charles Mok
Legislative Councilor (Information Technology)
charles@charlesmok.hk
www.charlesmok.hk
Facebook: Charles Mok B
Twitter: @charlesmok

Towngas Information Security Week 2013 presentation
