Make Tea Not War
Roelof Temmingh

ZaCon 2009
http://www.zacon.org.za/Archives/2009/slides/

Make Tea Not War Presentation Transcript

  • 1. AGENDA   Whoami blah   Paterva blah blah Always wanted to do a talk on fun stuff 1.  It’s a security con ?   blah 2.  UAVs, laser guided munitions   The fun stuff 3.  EXCLUSIVE – hold the press !!   (South African) Facebook zero day !
  • 2. INTELLIGENCE / INFO GATHERING   Why do you ‘hack’?   Information   Control…leads to information   Controls are getting harder to break   In proper assessment, 80-90% of time is spent on intelligence gathering.   Intelligence gathering is also   A port scan   A Nessus scan…   ..because we learn more about our target
  • 3. YOU ARE PART OF THE STACK!   Threats are moving up the stack   Network -> OS -> Application - - -> Person Understand the graph – volume and frequency
  • 4. PEOPLE, SOCIAL ENGINEERING AND MALWARE   Everyone is talking malware….   Malware -> attacking the workstation   Server in a server room vs. workstation with a person behind it   For conventional malware traditional network mapping is worthless   Focus in the past: find the server and perimeter (infrastructure foot print)   Thinking needs to be updated   Now – person / company profiling -> the new foot print
  • 5. HACKERS VS. CRIMINALS   Commercializing vulnerabilities
  • 6. MAKING ZA STRONGER Don’t hack ... but if you really have to:   Have good/right intentions -> !criminal   Never ever use what you found   Don’t give SAP a reason to go look for you...   Mail your findings so that they can learn/fix   ..not from your work - duh...   Development is NOT easy, and they are not idiots!   Treat with respect – ‘jy is volgende vettie!’   Don’t disrupt / destroy / delete anything   (even if they gave you bad service)   ‘Insider knowledge’ does not count...   You are just an ass   Don’t share outside of SA   Sanitize and share the knowledge/tech – locally   Don’t be a doos at international cons....   Slammer ‘secured’ more networks in a day than all the security consultants in a year   Change only happens at the point of extinction   Strongest piece of metal is at the breaking point   A chain is as strong as its weakest member
  • 7. UAVS   UAV == Unmanned aerial vehicle   Think back to your model airplane   Let’s put a camera in there !   Let’s put a BB gun in there !   Let’s put a Hellfire missile in there !!   Different sizes   Fixed wing / rotary   Electrical / Fuel powered   Used to be for recon, now also armed
  • 8. UAVS
  • 9. UAVS   Different altitudes   60k feet / 18km++ (Zephyr)   100 feet (hand launched)   747 flies at around 32-40k feet   Speed (max)   747 flies at around 900 km/h   Predator MQ1 – 217 km/h   Avenger, Global Hawk 750 km/h   Prop vs. jet   Flying time   Up to 82 hours ... Typical 30h ish
  • 10. UAVS   Initial idea 1980s, serious thought in 1990s   Driving force behind it  CIA   CIA pilots   Most known / successful = General Atomic   Predator - Series A   1995   RQ / MQ   Reaper - Series B   MQ9   2002   Avenger - Series C   Announced 2009
  • 11. UAVS - PREDATOR
  • 12. UAVS - REAPER
  • 13. UAVS - AVENGER
  • 14. UAVS – AVENGER SPECS   Jet engine   Speed – 740 km/h   Fly time – 20h   Altitude – 60k feet / 18km   Stealth - internal weapons bay, shape, materials, exhaust   RADAR / Optics / Targeting   Payload – 1.3 tons of Hellfire / Paveway II/ JDAM
  • 15. UAVS – COMMAND & CONTROL   Line of sight – C band (4 – 8 GHz)   Satellite – Ku band (11 – 15 GHz)   Can be routed over commercial sats. NBC - 1983   3 crew members   Pilot   Flying - looking through a straw   2 x sensor guys   Difference in two scans :   Tire tracks, movement
  • 16. CAPTURING UAVS   If communications dies it flies home   Self destruct ?
  • 17. FOOTAGE
  • 18. MATCHING WAR PORN TO GOOGLE EARTH
  • 19. UAVS – PROBLEMS   Not a lot – it seems to kind of work well..   Ku band sucks in heavy weather   Pray for rain   Lag of up to two seconds   Like playing CS/CoD over a link made of wet towels and barbed wire   No dog fights!   Thus– send in the UAVs once air dominance has been established
  • 20. SO, WE’RE PRETTY MUCH ...
  • 21. LET’S JUST HIDE   Optics, infra red, RADAR   Conceal, underground   Rapid change in environment?   The Chinese vs. American spy sat story   Uhmm...next...   Weapons   Bombs, missiles   LASER guided So...it becomes a game of defending against laser guided munitions
  • 22. HOW LASER GUIDED MUNITIONS WORK   Understand a little about light   Light storage system == FAIL   Terminology   Seeker = the bomb/missile   Designator = guy / plane with the laser   ‘Painting’ the target   Invisible laser == you won’t see it..   Bomb vs. missile   28km,60km (spice) radius
  • 23. PAINTING THE TARGET
  • 24. LASER ON!
  • 25. ENCODING   But - there could be multiple targets and multiple munitions   Seeker needs to know where it should go   Thus – must be able to distinguish designators   This is done by pulsing the laser   Fast   Very fast   You won’t see it’s pulsing ... either.   Encoding   PIM – Pulse Interval Module   PRF – Pulse Repetition Frequency
  • 26. PIM
  • 27. PRF / PIM   Missiles are pre-programmed, or programmed on the fly.   PRF code is 3 digits.   Does this make sense?   Everyone should now be thinking...brute force   But just hang on..   Testing it:
  • 28. BTW - HOW DOES IT GET TO THE MUNITIONS?   Open protocol – on the ‘net   MIL-STD-3014 - MiDEF == PDF for munitions   In flight coding was introduced in 2008
  • 29. DUDE, ERRR...NO.. VERY UN-COOL, DON’T PRESS THAT ...
  • 30. AND THE OTHER SIDE OF THE EQUATION
  • 31. DETECTION   See the light!   We can detect the designator’s laser light   We know we are being targeted (like in the movies)...and run   We can decode the PIM/PRF   We might know if we are a priority target – nice...   Page 45 -6b: “Lower code numbers and faster pulse rates are appropriate for the most important targets and the most difficult operating conditions.”
  • 32. DETECTION Laser warning sensor configured as a multi-sensor arrangement and interfaced with a suitable smoke/aerosol screening system can be used effectively on platforms like main battle tanks, AFV, etc., to provide platform protection from laser-guided munitions. The development of this sensor is a totally indigenous effort, both in design and implementation.
  • 33. DETECTION   Can we determine the direction of the designator?   Know where the special ops guy is sitting / plane   Source or reflected light?   We might look at the divergence ??   Shape of the reflected light   Know how far away the special ops guy is / plane
  • 34. REPLAY   Sniff the light!   Replay attack should work well...   You don’t even have to know what the designator says   Does it make sense to have a 256 number code?   Why are PRF codes 393,424,515 and so on more popular?   Americans are always thinking big (1000 missiles at a time)   Bomb does not speak .. One way comms   So now it’s becoming interesting..
  • 35. “WTF – DID IT JUST TURN THIS WAY?!”   .. replay the laser pulses ...   ..and point it somewhere else...like..   ...at the designator (see previous slides)   Will this work when the designator is a plane? NOT   “Page 46, Chapter 5 – Safety: c. Inversion. Caution must be used when the laser-target line is over +30 degrees of the attack heading to ensure the LST or LGB does not detect and guide on the laser designator instead of the target’s reflected laser energy.”   Oops..
  • 36. JDAMS   Guidance retrofitted to dumb bombs   GPS   TV (with RF link)   Inertial navigation system   Range up to 60km from drop, up to 12 control surfaces   Cheap – 21k USD compared to missiles at around 75k USD
  • 37. WHY DO YOU HAVE THESE SLIDES AT THE CON ACTUALLY? AG, NO MAN REALLY...   On a more serious note...   Same principles in attack (thinking) apply   It’s really just 1s and 0s   Don’t think it’s too complex!   If you ask the right questions, you can Google the answers   (Patents, specs, etc.)   Significantly complex tech is indistinguishable from magic.   Development of UAVs in non US countries is a big headache for the US...
  • 38. QUESTIONS?
  • 39. FACEBOOK 0 DAY, BOUGHT TO YOU BY...
  • 40. ...VODACOM
  • 41. WE USE THE MAGIC EMAIL ADDRESS...
  • 42. ..AND AWAY IT GOES!