Data security, or bring your own tinfoil hats

Transcript

1. Data security or bring your own tinfoil hats Piotr Czajka

   2023
2. None

3. I’m here to make you a little more paranoid

4. Contrary to popular saying crime DOES pay

5. Cybercrime is the 3rd largest economy (2021) $25 trillion $18

   trillion $6 trillion

6. Cybercrime rarely attacks single targets, but rather groups

7. Act 1 PINs, passwords, 2fa & Co.

8. Do you still use PIN?

9. None

10. PIN number popularity 1. 1234 3.72% 2. 2007 2.23% 3.

    2006 2.10% 4. 2008 1.73% 5. 2005 1.33% 6. 1994 1.18% 7. 1993 1.13% 8. 1992 1.13% 9. 1995 1.06% 10. 1991 1.02% 1960-2009 29.87% Data source: RockYou leak, 2009

11. Popular passwords by year 2023 2022 2021 2020 2019 123456

    password 123456 123456 12345 123456789 123456 123456789 123456789 123456 qwerty 123456789 12345 picture1 123456789 password guest qwerty password test1 12345 qwerty password 12345678 password qwerty123 12345678 12345678 111111 12345678 1q2w3e 111111 111111 123123 zinch 12345678 12345 123123 12345 g_czechout 111111 col123456 1234567890 1234567890 asdf 1234567890 123123 1234567 senha qwerty

12. Number of chars Numbers Lowercase Lowercase and uppercase Numbers, Lowercase

    and uppercase Numbers, Lowercase, uppercase and specials 4 < 1 sec < 1 sec < 1 sec < 1 sec < 1 sec 5 < 1 sec < 1 sec < 1 sec < 1 sec < 1 sec 6 < 1 sec < 1 sec < 1 sec 1 sec 5 secs 7 < 1 sec < 1 sec 25 secs 1 mins 6 mins 8 < 1 sec 5 secs 22 mins 1 hour 8 hours 9 < 1 sec 2 mins 19 hours 3 days 3 weeks 10 < 1 sec 58 mins 1 months 7 months 5 years 11 2 secs 1 days 5 years 41 years 400 years 12 25 secs 3 weeks 300 years 2k years 34k years 13 4 mins 1 years 16k years 100k years 2m years 14 41 mins 51 years 800k years 9m years 200m years 15 6 hours 1k years 4m years 600m years 15bn years 16 2 days 34k years 2bn years 37bn years 1tn years 17 4 weeks 800k years 100bn years 2tn years 93tn years 18 9 months 23m years 6tn years 100tn years 7qd years
13. None

14. Don’t be sorry – be better 9 ways to secure

    your account – 6th will surprise you

15. No password

16. PIN

17. Remembered password

18. Password manager KeePassXC KeeWeb Firefox account KeePass

19. 2FA • Something you know • Something you have •

    Something you are

20. Why no biometrics?

21. 2FA SMS/e-mail

22. 2FA code card

23. 2FA token generator app / Access App

24. 2FA token generator

25. U2F key

26. Security is as strong as its weakest component

27. Act 2 How deep is the rabbit hole?

28. Data acquisition is simple

29. None

30. They know what you did last summer • They don’t

    need your IP • They don’t need your account • They don’t need cookies • You know it’s worth something cause there are 3rd party companies offering Fingerprinting as a Service

31. They know what you did last summer They use JS

    APIs your browser provides to generate unique identifier from: • web browser version • number of CPUs on your device • screen size • number of touchpoints • video/audio codecs • operating system and many other details that you would not want a typical news website to see

32. Most popular browsers Browser Engine StatCounter October 2021 NetMarketSha re

    October 2021 W3Counter September 2021 Wikimedia October 2021 Chrome Blink 67.17% 72.96% 63.3% 58.0% Safari WebKit 9.63% 2.72% 17.7% 9.3% Edge Blink 9.33% 12.61% 5.4% 7.8% Firefox Gecko 7.87% 5.54% 5.8% 10.7% Opera Blink 2.89% 1.01% 1.3% 2.0% Others - (most likely Blink) 3.11%

33. Chrome

34. None
35. None
36. None
37. None

38. Firefox

39. None
40. None
41. None
42. None

43. Firefox Open about:config Set resistFingerprinting=true

44. None
45. None
46. None
47. None
48. None

49. Say NO to these browsers

50. Which browser Go to about:config and set resistFingerprinting=true

51. Which browser

52. Act 3 Stealing an election

53. Christopher Wylie

54. None

55. Cambridge Analytica • 1990s: • as SCL – influencing 3rd

    world countries politics • 2016: • USA elections • Providing Russian Intelligence with US sensitive polling and election data • Brexit referendum • 2020: • Investigation showed Cambridge Analytica was involved in 68 countries

56. They are not looking for your data – you give

    it to them like flyers

57. Inviting the fox in the henhouse • Social media posts

    • Your friends’ social media posts • Your „free” e-mail • ChatGPT & Friends • Your „forever friend” Siri, Alexa, Hello Google and Cortana

58. How to steal an election? Steal an election – to

    illegally or immorally influence the result contrary to the current mood of the electorate Definition by Gary Short

59. Your information at war • Vote status quo – instill

    fear of change • Vote status change – instill fear of previous state, show positives of change

60. Your information at war • My voters – sure things

    • Opposition voters – discourage • Swingers – pull on your side and away from opposition • Stay-at-home – keep them in this state

61. How do they influence you

62. Behavioral psychology

63. Compensation effect

64. Broken window effect

65. Pygmalion effect

66. Peer pressure

67. Post-information society

68. Many more • Power of names (twisting words) • Obedience

    to authority • …

69. There are no rules governing social media ads • They

    can lie (popular ads of mobile games) • They are hard to track (personal targeting) • They are easily hidden (they look like posts or information)

70. How to counter that 1. Watch out for psychological manipulations

    2. Look outside of your information bubble 3. Look for news sources and read those (https://ground.news/)

71. Final

72. Whatever doesn't kill you, simply makes you stranger Joker, The

    Dark Knight

73. Shredding the data

74. Watermarks on documents Lorem ipsum dolor sit amet. Est libero

    provident sit veniam quae ea cupiditate optio aut nihil pariatur eos dolor neque est fugiat animi et itaque voluptates. Sed totam ullam ex velit placeat in temporibus illo a eligendi quos aut ipsa nisi et quod repellat est sint autem. Quo itaque molestiae ut ducimus facilis qui sint dolorem in odio rerum ea maiores expedita qui dignissimos minima. Ab quos molestias ut vero sapiente aut magni eveniet qui eaque omnis aut voluptate doloremque sed quas ipsa nam necessitatibus consequuntur. Sit alias illum est minus quidem in ipsa dolores est quis dolor ut galisum dicta quo quia sunt qui consectetur ullam. Et sint molestiae qui fugiat dolor et placeat ullam At repellat recusandae. Sed quae delectus sed consequatur dolorem et dolorum similique et rerum consequatur aut aliquam quasi! Ad inventore voluptatibus nam consequatur quod et explicabo eius et provident ducimus a soluta numquam ut autem nisi et assumenda adipisci. Et magnam amet et omnis sint ut animi corporis in itaque aliquam. Et iste aspernatur qui odit omnis ex labore aspernatur. Cum velit corrupti et mollitia quis sed consequatur repudiandae. Id pariatur inventore vel corrupti impedit ab deleniti minima a mollitia dolores non nobis quia in maiores eius.

75. Spy on your own data

76. Summary 1. Select the right security level E.g.: have one

    super-secure e-mail for important stuff and less secure for other 2. Limit the amount of (semi-)personal information you upload 3. Be suspicious and double-check data you receive from the Internet

77. Bibliography • Wylie Ch.: Mindf*ck: Cambridge Analytica And The Plot

    To Break America. 2019 • Barker H.: Lying Numbers: How Maths and Statistics Are Twisted and Abused. 2020 • Short G.: How to steal an election. 2019. https://www.youtube.com/watch?v=32m8luvA9Qg&list=PL03Lr md9CiGe9QtFC8LRRqknzpKgcrWpes

78. Thank you

79. Sources • United States Map by Vemaps.com • China Map

    by Vemaps.com • GDP values: https://www.worldometers.info/ • Predicted Cybercrime GDP value: https://www.analyticsinsight.net/if-cybercrime-was-a-country-it- would-be-the-third-largest-economy/