Anatomy of a Crime: Secure DevOps or Darknet Early Breach Detection

Tuesday, October 30, 2018 - 9:00 am9:45 am

Dr. Sarah Lewis Cortes, Salesforce

Abstract: 

Criminals lurk on the darknet, where child abuse forums have exploded in recent years, as well as other crime: intellectual property theft, narcotics, and carding, to name a few. Roman Seleznev convicted in 2017 and now serving 27 years in Seattle, brought darknet carding data breaches to a new level. What role does the darknet play in data breaches? What can operations and infrastructure developers consider when building their systems to help prevent breaches? We review a real life darknet breach at a major retailer, who's 2017 settlement for the first time requires darknet monitoring. We demonstrate how assumptions that hackers could never reach the RAM of Point of Sale (PoS) devices facilitated some of the largest breaches in history. Credit card information stored briefly in the plain text memory buffers in the PoS systems is just one risk that may not occur in development, or may be dismissed as far-fetched. We present considerations for operations and infrastructure developers when building systems.

Sarah Cortes, Salesforce

Dr. Sarah Lewis Cortes earned her undergraduate degree at Harvard University, studied Forensic Sciences at Boston University Medical School, and holds a PhD in Computer Science, Cybersecurity from Northeastern University, specializing in the Darknet, Privacy and Privacy Law as well as IT Security, topics on which she has published extensively. She conducts training and research with the FBI, the Alameda County Sheriff’s Office Digital Forensics Crime Lab, and other LEAs. Prior to undertaking her PhD, Sarah was SVP for Security, IT Audit and Disaster Recovery at Putnam Investments, an investment management firm with over $1 trillion in assets under management.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {221847,
author = {Sarah Cortes},
title = {Anatomy of a Crime: Secure {DevOps} or Darknet Early Breach Detection},
year = {2018},
address = {Nashville, TN},
publisher = {USENIX Association},
month = oct
}

Presentation Video 

Presentation Audio