1
00:00:00,810 --> 00:00:07,470
Before we can meaningfully classify threats in this way, we need to elaborate on each of these categories.

2
00:00:11,580 --> 00:00:13,200
Let's start with identity spoofing.

3
00:00:15,910 --> 00:00:23,000
The pictures in the slide tell us two stories. As you can see, in the real world obtaining a false ID

4
00:00:23,000 --> 00:00:26,330
is not a problem.

5
00:00:26,340 --> 00:00:29,510
The picture shows a bazaar in Bangkok.

6
00:00:29,660 --> 00:00:31,990
The competition in this business is strong.

7
00:00:33,320 --> 00:00:35,080
The order is filled on the spot.

8
00:00:37,170 --> 00:00:44,250
Going about the streets of Bangkok, you can become a Harvard graduate, a qualified diver or an airline

9
00:00:44,250 --> 00:00:44,860
pilot.

10
00:00:46,240 --> 00:00:51,170
Unusual requests are done within 30 minutes.

11
00:00:51,190 --> 00:00:55,650
The picture below shows identity forging as it's done in the virtual world of the Internet.

12
00:00:57,900 --> 00:01:00,950
This is a profile of someone claiming to be John Davidson,

13
00:01:02,700 --> 00:01:07,990
an author of a blog and the user of a LinkedIn profile.

14
00:01:08,020 --> 00:01:11,800
The thing is, he's not John Davidson.

15
00:01:11,830 --> 00:01:13,580
His name is Marcus Miree.

16
00:01:15,330 --> 00:01:19,640
He used a fake identity to prove how easy it is to impersonate others on the Internet.

17
00:01:21,600 --> 00:01:23,330
How can you fake your identity?

18
00:01:25,050 --> 00:01:27,560
It's not only impersonating somebody else.

19
00:01:29,090 --> 00:01:32,710
You can come across a spoof Web site that looks just like the real one.

20
00:01:35,270 --> 00:01:38,000
Thanks to programs that can download a Web site as a whole,

21
00:01:38,030 --> 00:01:39,460
it's not complicated.

22
00:01:41,740 --> 00:01:48,970
The downloaded index.html file contains the local version of the Web site.

23
00:01:48,990 --> 00:01:54,760
If we then send the file to our own server, we have an exact copy of the Web site that we can manage

24
00:01:54,760 --> 00:01:56,010
all by ourselves.

25
00:01:58,500 --> 00:02:02,660
Another way is to impersonate the victim's friends in emails.

26
00:02:02,780 --> 00:02:05,710
Very often this is how spam messages get circulated.

27
00:02:08,150 --> 00:02:11,890
Such messages are no longer general but highly personalized.

28
00:02:14,200 --> 00:02:15,940
For example, the subject may read

29
00:02:15,970 --> 00:02:19,020
"Hi Martin" and the signature could be

30
00:02:19,020 --> 00:02:22,610
"Regards, Caroline".

31
00:02:22,660 --> 00:02:27,800
We can also try to deceive technological security solutions using stolen certificates.

32
00:02:30,790 --> 00:02:35,060
We've already mentioned that you can't completely trust technological solutions.

33
00:02:37,170 --> 00:02:44,100
Internet certificates have been repeatedly stolen and used to send malicious software.

34
00:02:44,120 --> 00:02:51,140
The national census of 2011 could have become an opportunity for identity spoofing.

35
00:02:51,290 --> 00:02:55,070
You can take part in the census via the internet. To sign in,

36
00:02:55,070 --> 00:03:01,320
you had to give your full name, social security number, ID or driver's license number,

37
00:03:01,320 --> 00:03:04,130
place of birth or your mother's maiden name.

38
00:03:07,820 --> 00:03:15,540
The thing is that, as we know, such information is widely available on the Internet. ID numbers and Social

39
00:03:15,540 --> 00:03:20,450
Security numbers are easy to obtain if a person owns a business or is a business partner.

40
00:03:22,210 --> 00:03:26,260
A full name is widely available.

41
00:03:26,290 --> 00:03:31,750
The mother's maiden name is harder to find, but sometimes you can find it in the social networking profile.

42
00:03:33,510 --> 00:03:38,870
All of this has made it very easy to impersonate someone's identity.

43
00:03:38,870 --> 00:03:43,950
It's interesting, though, that you can't file a yearly tax return via the internet,

44
00:03:44,180 --> 00:03:50,980
even though there is no possibility to fake the data here. If someone filled out the form using personal

45
00:03:50,980 --> 00:03:59,200
data, there's no way we would know that unless we weren't going to file a tax return that year.

46
00:03:59,210 --> 00:04:04,760
The solution wasn't implemented in the case where it would have been safe, but it was used in the case

47
00:04:04,760 --> 00:04:06,540
where the risk was much greater.

48
00:04:08,550 --> 00:04:13,710
All the greater because virtually anyone can change somebody else's password using the person's personal

49
00:04:13,710 --> 00:04:18,120
data.

50
00:04:18,170 --> 00:04:26,650
The Census application stored passwords as plaintext. Anyone could call the census call center, give someone

51
00:04:26,650 --> 00:04:30,870
else's personal data and the consultant would tell the password.

52
00:04:33,520 --> 00:04:37,040
This is one of the direct threats connected to identity impersonation.

53
00:04:38,670 --> 00:04:41,120
No one should have the chance to read your password,

54
00:04:41,370 --> 00:04:50,400
even the application that stores it. Very often we use the same password for many accounts and systems.

55
00:04:50,470 --> 00:04:56,530
So when somebody obtains a password they can get access to many services such as email clients or computer

56
00:04:56,530 --> 00:04:57,190
systems.