China all up in your business: Annoying Persistent Threat - Dave Ockwell-Jenner (OWASP Ottawa)
About Me
• Senior Security Architect for SITA
– IT & Communications specialists for the Air Transport Industry
– Created and manage software security program
• Owner of Prime Information Security
– Boutique security consultancy specializing in small-medium enterprise
• Previously worked with RIM/BlackBerry, TELUS, Nortel
• And…
– Creator of the 37th ever web site!
– Blogger for TELUS
– Co-Author of SANS course Developing Defensible Java EE Solutions
– Co-Founder of the Small Business Community Network (SBCN)
– House DJ and Producer
Hunting Wabbits
• Tracking Evil Bad Guys™ for the past several years
– Looking at intrusion techniques, malware and exfiltration
– The so-called ‘Advanced Persistent Threat’
• Not so much ‘Advanced’ but ‘Annoying’
• APT1
– Digital forensics firm MANDIANT recently claimed well-known hacking group to be an office of the Chinese People’s Liberation Army (PLA)
– I may or may not have some experience with our Chinese friends!
How Advanced, is Advanced?
• If I can understand it, it’s not very advanced
– The organization and effectiveness is clever, but the techniques are something we can all understand
• Why don’t we take a look at a recreation of an actual attack?
– In time-honoured Looney Tunes tradition, we’ll use a fictional company called ACME, makers of…
Demo: Rules of Engagement
• Please keep in mind, what you’re about to see and hear is for educational purposes ONLY
• Please ask lots of questions
• If something doesn’t work, it has nothing to do with my awesome talent…
… it’s clearly a hardware problem
What did we learn?
• Simple malware is really easy to make and yet quite effective
– Malware is really easy to hide from AV
• Once compromised, it’s pretty trivial to snoop around further and steal loot
– But we can make it more difficult
• Our web sites & apps might be a hiding place for command/control of infected systems
– So make sure our sites/apps are secured — see OWASP!
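The last point above, that a legitimate site can quietly host command-and-control traffic for infected machines, has a defender-side corollary: such traffic tends to be small, repetitive and regularly timed, which stands out in ordinary access logs. The script below is an added example, not code from the talk or its demo, that scans web-server access log lines for client/URI pairs whose requests arrive at near-constant intervals. The log format (Apache/Nginx "combined" style), the sample log lines, the IP addresses and the thresholds are all constructed assumptions for illustration.

```python
"""Flag beacon-like request patterns in web-server access logs.

Added example: a site abused as a command-and-control drop point tends to
receive small, regular requests from the same client to the same URI. The
payload may look innocent, but the timing regularity is visible in logs.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Apache/Nginx "combined" style line; the field layout is an assumption.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one client polls the same image every 300 s
# (beacon-like), the others browse at irregular intervals.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2013:08:00:00 -0500] "GET /images/logo.gif HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2013:08:00:03 -0500] "GET /index.html HTTP/1.1" 200 4321',
    '203.0.113.5 - - [10/Mar/2013:08:00:00 -0500] "GET /news.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Mar/2013:08:00:20 -0500] "GET /about.html HTTP/1.1" 200 1900',
    '203.0.113.5 - - [10/Mar/2013:08:00:30 -0500] "GET /news.html HTTP/1.1" 200 2048',
    '192.0.2.10 - - [10/Mar/2013:08:05:00 -0500] "GET /images/logo.gif HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2013:08:03:00 -0500] "GET /contact.html HTTP/1.1" 200 1500',
    '203.0.113.5 - - [10/Mar/2013:08:04:00 -0500] "GET /news.html HTTP/1.1" 200 2048',
    '203.0.113.5 - - [10/Mar/2013:08:04:10 -0500] "GET /news.html HTTP/1.1" 200 2048',
    '192.0.2.10 - - [10/Mar/2013:08:10:00 -0500] "GET /images/logo.gif HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Mar/2013:08:15:00 -0500] "GET /images/logo.gif HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Mar/2013:08:20:00 -0500] "GET /images/logo.gif HTTP/1.1" 200 512',
    'this line is deliberately malformed and must be skipped',
]


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_beacons(lines, min_hits=4, max_jitter=0.2):
    """Return {(ip, uri): mean_interval_seconds} for regularly spaced requests.

    A client/URI pair is flagged when it has at least `min_hits` requests and
    the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests is at most `max_jitter`. Both thresholds are
    assumed starting points; tune them against your own baseline traffic.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            hits[(rec["ip"], rec["uri"])].append(rec["ts"])

    flagged = {}
    for key, stamps in hits.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue  # duplicate timestamps; nothing to measure
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_jitter:
            flagged[key] = round(mean_gap, 1)
    return flagged


if __name__ == "__main__":
    for (ip, uri), interval in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {ip} -> {uri} every ~{interval}s")
```

Run as a script it reports the 192.0.2.10 client polling /images/logo.gif every 300 seconds and stays silent on the irregular browsing from the other two clients; the malformed line is skipped rather than crashing the scan. In practice this is a triage heuristic, not proof of compromise: monitoring probes and legitimate pollers also beacon, so flagged pairs should be checked against known-good sources before anyone acts on them.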