How To Steal A Nuclear Warhead, Without Voiding Your XBox Warranty

We will present the common elements and basic mechanisms of modern tamper-evident seals, tags, and labels, with emphasis on attack and circumvention. Adhesive seals, crimp seals, wire wraps, fiber optic seals, electronic, chemical, biological, and make-shift seals will be dissected, examined, and explained, with emphasis on their shortcomings and circumvention techniques. We will also present an overview of typical applications for tags, seals, and labels, including covert traps and uses ranging from consumer goods to loss reduction to government secrets.

Published in: Self Improvement
1 Comment
  • Very very good presentation and highly interesting. Thank you for sharing!

Transcript

  • 1. How to Steal a Nuclear Warhead Without Voiding Your XBox Warranty
      An Introduction to Tamper-Evident Devices, Applications, Design, & Circumvention
      Jamie Schwettmann & Eric Michaud
  • 2. The Way Things Will Go
      What are Tamper-Evident Devices & Why Should I Care?
      The Proof is in the, uhm, …what Proof?
      Types of Devices:
        Adhesives, Inks, and Sealants
        Wraps, Seals, Physical Barriers
        Optics, Electronics, and Alarms
        Other Unique Devices
      Tag, You’re it! Attacks and Bypasses
      Seal the Deal! Risks and Implications of Tamper, from Real-life Scenarios
      J. Schwettmann & E. Michaud, BlackHat DC, 18 Jan 2011
  • 3. What are Tamper-Evident Devices and Why Should I Care?
  • 4. What are Tamper-Evident Devices?
      These are not the tags and seals you’re looking for. Move along.
  • 5. What are Tamper-Evident Devices?
      Definition: Any tag, seal, alarm or other indicator which can be employed to evidence unauthorized intrusion or alteration to a container, room, building, device housing, or other material is a tamper-evident device.
      Materials secured by such devices are often said to be “sealed”.
  • 6. What are Tamper-Evident Devices?
      Humans learned tamper-evidencing from Nature
      Probably Safe to Eat
      Probably NOT SAFE to Eat
      Photos: Jamie Schwettmann
  • 7. What are Tamper-Evident Devices?
      At least 7,000 years ago, intricate stone carvings were pressed into clay to seal jars and later, writing tablets.
      Photo: uriel_1998
  • 8. Why Should I Care?
      Everybody’s doing it… And so are YOU.
      Avoid lawsuits and recalls
      Shrink & fraud reduction
      Quality assurance
      Don’t trust the messenger… check for tampering.
  • 9. The Proof is in the… uhm, what Proof? Inspection Methods and Evidence
  • 10. The Proof: Inspection Methods
      Casual Inspection (duh, it’s broken)
      NO SPECIAL TOOLS REQUIRED!!!
      Photo: Jamie Schwettmann
  • 11. The Proof: Inspection Methods
      Blink Comparison
      One of these things is not like the others…
      Photo: Jamie Schwettmann
  • 13. The Proof: Inspection Methods
      Traps and Alarms
      Designed to automate notification of tampering
  • 14. The Proof: Inspection Methods
      Rigorous Scientific Examination
        Materials Analysis
        X-ray, UV, and Microscopy
        Circuit Verification
        Chemical Testing
        Checksums and Hashing
  • 15. Types of Devices
  • 16. Adhesives, Inks, & Sealants: Characterization
      Adhesives
        Bonds to surface
        Overt removal damages surface or film barrier
      Inks, Marks, & Stamps
        Visually broken by tampering
      Sealants
        Similar to adhesive
        No film or other barrier necessary
      Photo: Joe Shlabotnik
  • 17. Adhesives, Inks, & Sealants: Circumvention
      Thermal Stressing (best)
        Heat: hair dryer or heat gun
        Cold: freezer or dry ice
      Solvents (may be messy)
        Alcohols
        Acids
        Petrochemicals
        Mineral Oil
        Water or Steam
      Needles & Razor Blades
  • 18. Wraps, Crimps, Physical Barriers: Characterization
      All require material rupture to evidence tampering.
      Wraps:
        Cover or surround container or device
        Sealed with heat, adhesive, or mechanically crimped
        Plastic, paper, or foil films
      Crimps:
        Mechanical or heat-pressed seal
        Metal, plastic, paper, foil
      Other Physical Barriers:
        Wire wraps, zip ties, cup seals, pull-tabs, break-away caps, perforated films, tapes, blisterpacks, band seals, bolt locks, plastic padlocks, dangle-tabs, rivets, etc.
  • 19. Wraps, Crimps, Physical Barriers: Circumvention
      Most require physical manipulation or modification, followed by reinstatement of seal
      Many can be shimmed
      Thermal Stress still helps
      Custom tools may be required
  • 20. Optics, Electronics, Alarms: Characterization
      Unifying feature: Sensors
      Optical Devices
        Beam-break
        Motion detection
        Often trigger other events
      Electronic Devices
        Any kind of switch or sensor may be used
        RFIDs!!! SERIOUSLY!?
      Alarms
        Active alert of breach
        Often connected to electronics (not always)
  • 21. Optics, Electronics, Alarms: Circumvention
      Automation makes humans lazy => less examination may occur!
      Electronic devices have inherent sampling rates and trigger tolerance – events outside these won’t trigger
      Inline signal and alarm bypasses may be available
      Devices operating on a network may be susceptible to additional attacks
      Many are themselves tamper-evidenced with physical methods
  • 22. Tag, You’re It! Attacks, Bypasses and Circumventions
  • 23. Bypass of Wire Wraps
      Classic Coke shimming method
      Requires:
        Razorblade
        Coke
      Photos: Gabriel Lawrence
  • 24. Barriers: Bypassing Films and Stickers
      Go a little MacGyver
        Fishing Line/Mint Dental Floss
        Goo Gone/Acetone/Similar Solvents
        Hypodermic Needle
        Sewing Needles
        A steady and patient hand
        Heat Gun
      Attack the containers, skip the seals!
      Photos: Gabriel Lawrence
  • 25–28. Barriers: Attacking Bolt Seals
      Two methods:
        1. Dissolve, shim, or drill retaining ring, then replace (figure labels: “Retaining Ring”, “Drill here”)
        2. Cut head off, add screw and Loctite (figure label: “Cut as high as possible”)
  • 29. Bypass Bolt Barrier Seals
      Polycarbonate seals are prone to material removal
      Insert tool in hole on base with nail or chisel, then spin plug till it releases.
      For metal plugs, make custom shim
      To reseal, press plug back in.
  • 30. Bypass Bolt Barrier Seals
      Sometimes it’s easier to attack the container
        Drill out the rivets
        Take off a hinge
        Cut a hole in the side
      …and then repair it.
      Photo: Thomas Hawk
  • 45. Circumventing Cup Seals
      Similar to removing a water bottle cap…
      Shape a stiff piece of metal into a hook, insert/twist/depress tangs and repeat
      To reseal, reset tangs, then press cap back into place
  • 46. Breakaway Tags/Padlocks
      Shimming and chiseling work well for these padlocks.
      Splitting down the side, then careful re-gluing, also works
      Heat Gun to replace physical distress marks
  • 47. Breakaway Tags/Padlocks
      Chisel
      Shim
      Re-glue
      Insert Shims/Chisels at entrance, either reset or glue.
      Photo: timlewisnm
  • 48. Breakaway Plastic Bands
      Plastic Bands
        Chisel the restricting tips
        Heat Gun to reset color of physical stress indicators
        Spread Heat over physically distressed areas
      Insert chisel here and chop!
  • 49. Bypassing Metal Band Seals
      Many mechanisms are simply beaten with bent pieces of metal
      Photo: Gabriel Lawrence
  • 50. Wax Seals Defeats
      Thermal Stressing
        Hot air Gun to make pliable
        Canned Air to cause shrinkage and removal, then reheat to reapply
      Photo: Joe Shlabotnik
      Photos: Gabriel Lawrence
  • 51. Defeating Envelopes
      Steaming still works!
      But if it doesn’t, other solvents probably will!
  • 52. Seal the Deal! Risks and Implications of Tamper: Real-World Scenarios
  • 53. Scenario One: The XBox Tamper Seal
      Easily removed unscathed with a hairdryer and razor blade.
  • 54. Scenario Two: Drug Tests Anyone?
      Who relies on a clean test to keep their jobs and clearances?
  • 55. Scenario Three: This Pepsi Stings
      Remember the summer of ’93? It’s a long time ago, I know…
      Rumors of Syringes in Pepsi cans
      Turned out to be a hoax, but severely harmed the image of Pepsi
      Your Assembly Process is part of the Tamper-Evident system also!
      Even though it was hoaxed by many copy-cats, Pepsi had to release ads and the FDA had to get involved.
  • 56. Scenario Four: Chicago Tylenol Murders
      Potassium Cyanide is my drug of choice…
      What happened?
        Deaths from Cyanide-laced Extra Strength Tylenol, 1982-1986
        On some bottles, the seals had not been broken
      Results:
        On October 5, 1982, Johnson & Johnson issued a nationwide recall of Tylenol products; an estimated 31 million bottles were in circulation, with a retail value of over $100M.
        Johnson & Johnson went from 38% of sales to 8%
        It did rebound after a year, …but not without the loss.
  • 57. Scenario Four: Chicago Tylenol Murders
      Unsolved mystery
        No killer has been found… the case is still open
        J&J claims the bottles were tampered on the shelves
        No evidence of post-production bottle-tampering was found
        Monsanto, also in Illinois, filed patent 4439453 for tableting acetaminophen in Sep 1982, just a week before the Tylenol murders began…
      A change to the industry
        Federal Anti-Tampering Act (1983)
        Capsules replaced by tablets …industry-wide
  • 58. Scenario Five: Now where did I leave that fissile material?
      The IAEA details transportation requirements and does inspections.
      Represents the UN and the Security Council
      Lost Source Incidents
      Rogue States – DPRK Anyone?
      Material Sold to Non-Security Council countries
      Photo: ANL VAT
  • 59. Conclusions…
  • 60. Conclusion
      If possible, avoid attacking the seal directly.
  • 62. Conclusion
      Image: TshirtHell.com
  • 63. Additional Resources
      Your local arts, crafts, and hardware store!!
      Tamper-Evident Devices: Journal of Physical Security (Argonne National Laboratory Vulnerability Assessment Team)
      Insecurity of Drug Testing: Journal of Drug Issues
      Freight Container Mechanical Seals: ISO/PAS 17712 (2010)
  • 64. For a Seal-Clubbing Good Time Call
      Jamie Schwettmann
        Em: jamie@i11industries.com
        Tw: brink_0x3f
      Eric Michaud
        Em: eric@i11industries.com
        Tw: EricMichaud
