Salander v Bond (BSides Detroit, final v3): Presentation Transcript

Lisbeth Salander vs James Bond

Agenda:
› Background
› Intelligence Life Cycle
› War Stories
› Anti-Anti-Corporate Spy Training
› Conclusions and Review

Takeaways:
› The 4 principal motivators of betrayal
› Anti-anti-espionage training
› Incorporating what we've learned into our OPSEC measures

About the speaker (@Antitree):
› Intrepidus Group: mobile hacking
› BSidesDetroit12: Jukebox hack
› Organizer: BSidesROC
› Founding Member of Interlock Rochester
› "cyber"
Every Fortune 500 organization has an intelligence program under some other title: competitive intelligence, corporate intel, business analysis. Corporate spies are almost never caught, almost never convicted, and never serve more than 1 year in a "corporate spy" prison.

James Bond:
› MI6 operative
› Relies on humans as sources of intel
› Somehow explodes everything
› Makes love to pretty ladies

Lisbeth Salander:
› Works as a PI
› Socially unacceptable
› Intelligence comes through technical means
› Also makes love to pretty ladies

Who does this work:
› Government employees (CIA, Marines, Homeland Security): provide intel and counter-intel services
› Corporate competitive intelligence employees: work for an organization to provide intel on their competitors; mostly ethical practices
› Private corporate spies: individuals or private organizations that sell secrets between companies; focused, well paid, completely illegal
Technical means (the Salander approach):
› Break into the network, steal documents
› Phishing campaign steals creds
› Malware targeting a company

Benefits of technical means:
› Direct, unfettered access to intelligence
› No middlemen
› Limited risk of inflation or lying
› Lower risk of being caught
Costs of technical means:
› More defense measures are in place compared to HUMINT
› Clearly defined laws regarding IP, hacking, etc.

Human sources (the Bond approach):
› Turning a secretary to tell you who the CEO is meeting with
› Paying a VP for financial information
› Convincing a QA department to give you access to products

Benefits of human sources:
› Information directly from the source
› The source can be the "fall guy"
› Can circumvent any network security measures
› Context for the intelligence
› The most sensitive information is in small circles
Costs of human sources:
› Possibility of betrayal, lying, or inflating information
› Humans need coddling
The 4 principal motivators of betrayal:
› Money: "I will pay you $50,000."
› Ideology: "Do it for the greater good of your country!"
› Coercion: "If you don't do this, your wife will find out about your mistress."
› Ego: "I've been watching you and you're the best in the business. I need your help."

Information horizon:
› Knowledge of people in the organization
› Knowledge of business practices
Attacks can use a combination of this knowledge to exploit a target. Start in the outer hub and ride a spoke to the next layer: pivoting.

Ask benign questions to get secret information:
› "I'm thinking about buying a new digital camera, what is Kodak coming out with?"
› "What kind of IDS does Linode use internally? I'm concerned about sensitive information getting hacked."
Question sites: Yahoo Answers, Stack Exchange, forums.

Who turns:
› Single Parent Rule: people can justify just about any action if taken to improve the lot of their children. (Money)
› Disgruntled employees: employees whose salaries were cut or who got laid off turn bitter and vengeful. (Ideology, Ego)
› Bad credit scores. (Money)
› Sexual disclosure: cheating spouse, pornography habits. (Coercion)
Establish a tradecraft (AKA stego for meat sacks):
› Dead drops
› Meeting points
› Code words

Types of non-attribution:
› Anonymity: no idea who did it
› Spoof: blame someone else
› Deniability: "oh, it was just a bot in China" *shrug*
Communication security vs storage security.

Selling the intelligence:
› Sell to mid-level VPs, not the CEO
› Organizations will always want plausible deniability
› Negotiate the terms

Closing out:
› Decommission the operation theater
› Spin down connections with sources (maintain surveillance)
› Destroy/scrub all information (friends + thermite)
War story 1:
› Peter is going through a divorce
› Alex, a Russian spy, hangs out in bars and coffee shops near targeted areas of DC
› Alex becomes Peter's friend over 2 months
› Alex pays Peter for the phone numbers of people inside his company
› Tradecraft: used pass phrases to leave messages and confirm identity while trading information; make a chalk mark on the mailbox
› Alex gets one of his other ops to exchange information about "Star Wars"
› Peter social engineers an IT admin fixing the wiring closet
› Peter steals the documents off the network and exfiltrates them back to Moscow

War story 2:
› Started working for AMD in 1979
› Walks up to the Cuban embassy in 1982 and says "I want to be a spy"
› 1989: communism is boring
› 1992: he turns himself in to the CIA and becomes a double agent
› 1992: he goes to work for Intel
› 1994: he flies to South America and sells Pentium secrets
› Tries to sell the secrets to North Korea, China, Iran, and AMD

How he did it:
› Walked around picking up random documents and photocopying them
› Used lots of photocopiers so security would never notice
› Guards only looked for green or blue paper
› Charismatic: access to new tech was just because his friends gave it to him; offered to do favors for everyone; always befriended secretaries

Lessons:
› Primary motivation: ideology
› Good employees make good spies
› Security theatre
Anti-anti-corporate spy training:
› Security programs
› The best way to catch a something-something is to act like a something-something
› Games to practice being a spy

Game: walk into a room, look around, and leave.
› How many people are in the room?
› How many people of each age group?
› What color are the cars parked outside?
› What was everyone doing?
› How detailed a drawing of the room can you make?

Game: you need to choose which line to go into.
› Profile the people in each line: older, younger, attractive, tired, etc.
› Race the next person that uses the other line
› Airports are great for this

Thought exercise: in each of the following roles, how might you be able to exploit something in your organization?
› Junior employee
› Outside contractor
› Delivery person
› After-hours staff
How can you remediate?
Conclusions:
› The principal motivators of betrayal are also the principal motivators of success
› Think offensively about corporate spying
› Our OPSEC measures should include our own personal "information horizon"