Lisbeth Salander vs James Bond
  • Side effect is your girlfriend will appreciate it
  • 5/14/2013 – 45 minutes long (without specific opsec stuff) http://www.slideshare.net/earl675/corporate-espionage
  • 5/23/2013 – 50-55 minutes long. Skipping last parts
  • 53 minutes long – spoke very fast
  • 46 mins – spoke kind of fast. Some slides didn’t flow.
  • 58 minutes – spoke slowly but well. … need to shorten..
  • 48 minutes – out of breath, kind of a good pace though. Spoke too loudly and high
  • 44 minutes – good speed. Not out of breath. Ready to go

    1. Lisbeth Salander vs James Bond
    2. • Background
       • Intelligence Life Cycle
       • War Stories
       • Anti-Anti-Corporate Spy Training
       • Conclusions and Review
    3. • The 4 principal motivators of betrayals
       • Anti-anti-espionage training
       • Incorporating what we’ve learned into our OPSEC measures
    4. • @Antitree
       • Intrepidus Group: mobile hacking
       • BSidesDetroit12: Jukebox hack
       • Organizer: BSidesROC
       • Founding Member of Interlock Rochester
       • “cyber”
    5. • Every Fortune 500 organization has an intelligence program under some other title
         › Competitive intelligence, corporate intel, business analysis
       • Corporate spies are almost never caught, and almost never convicted, and never serve more than 1 year in a “corporate spy” prison.
    6. • MI6 operative
       • Relies on humans as sources of intel
       • Somehow explodes everything
       • Makes love to pretty ladies
    7. • Works as a PI
       • Socially unacceptable
       • Intelligence comes through technical means
       • Also makes love to pretty ladies
    8. • Government Employees:
         › CIA, Marines, Homeland security
         › Provide intel and counter intel services
       • Corporate Competitive Intelligence employees
         › Work for an organization to provide intel on their competitors
         › Mostly ethical practices
       • Private Corporate Spies
         › Individuals or private organizations that sell secrets between companies
         › Focused, well paid, completely illegal
    9. • Break into network, steal documents
       • Phishing campaign steals creds
       • Malware targeting a company
    10. Benefits / Costs
        • Direct unfettered access to intelligence
        • No middlemen
        • Limited risk of inflation, lying
        • Lower risk of being caught
        • More defense measures are in place compared to HUMINT
        • Clearly defined laws regarding IP, hacking, etc
    11. • Turning a secretary to tell you who the CEO is meeting with
        • Paying a VP for financial information
        • Convincing a QA dept to give you access to products
    12. Benefits / Costs
        • Information directly from the source
        • Can be the “fall guy”
        • Can circumvent any network security measures
        • Context for intelligence
        • The most sensitive information is in small circles
        • Possibility for betrayal, lying, or inflating information
        • Humans need coddling
    13. • Money: I will pay you $50,000.
        • Ideology: Do it for the greater good of your country!
        • Coercion: If you don’t do this, your wife will find out about your mistress.
        • Ego: I’ve been watching you and you’re the best in the business. I need your help.
    14. Define Target → Develop Access → Process Intel → Exit
    15. Define Target → Develop Access → Process Intel → Exit (stage: Define Target)
    16. • Recon: (information gathering)
        • Goals: (target identification)
          › Secret codes
          › Business Plans
        • Entry Points: (vulnerabilities) Identify potential sources
    17. • Information horizon
          › Knowledge of people in the organization
          › Knowledge of business practices
        • Attacks can use a combination of knowledge to exploit
        • Start in the outer hub, and ride a spoke to next layer
        • Pivoting
    18. • Ask benign questions for secret information
        • “I’m thinking about buying a new digital camera, what is Kodak coming out with?”
        • “What kind of IDS does Linode use internally? I’m concerned about sensitive information getting hacked”
        • Question sites:
          › Yahoo Answers
          › Stack Exchange
          › Forums
    19. • Single Parent Rule: People can justify just about any action, if taken to improve the lot of their children. (Money)
        • Disgruntled Employees: Employees whose salaries were cut or who got laid off turn bitter and vengeful (Ideology, Ego)
        • Bad credit scores (Money)
        • Sexual disclosure (Coercion)
          › Cheating spouse
          › Pornography habits
    20. Define Target → Develop Access → Process Intel → Exit (stage: Develop Access)
    21. • Network penetration
        • Surveillance
        • Malware / APT
        • OSINT
    22. • All Social Engineering tactics apply
        • Study potential sources, their interests, their habits
        • Define personality type and vulnerabilities:
          › Loud and egotistical
          › Quiet and non-confrontational
    23. • Hang out at the bars they do
        • Become friends
        • Find what will motivate them
    24. Define Target → Develop Access → Process Intel → Exit (stage: Process Intel)
    25. • Establish a Tradecraft: (AKA Stego for meat sacks)
        • Dead Drops
        • Meeting Points
        • Code words
    26. • Types of non-attribution:
          › Anonymity: no idea who did it
          › Spoof: blame someone else
          › Deniability: oh it was just a bot in China. *shrug*
        • Communication Security vs Storage Security
    27. Define Target → Develop Access → Process Intel → Exit (stage: Exit)
    28. • Sell to mid-level VPs not the CEO
        • Organizations will always want plausible deniability
        • Negotiate the terms
    29. • Decommission operation theater
        • Spin down connection with sources
          › Maintain surveillance
        • Destroy/Scrub all information
          › Friends + Thermite
    30. • Peter is going through a divorce
        • Alex – Russian spy – hangs out in bars and coffee shops near targeted areas of DC
        • Alex becomes Peter’s friend over 2 months
        • Alex pays Peter for phone numbers of people inside his company
        • Tradecraft:
          › Used pass phrases to leave messages and confirm the identity while trading information
          › Make a chalk mark on the mailbox
        • Alex gets one of his other ops to exchange information about “Star Wars”
        • Peter social engineers an IT admin fixing the wiring closet
        • Peter steals the documents off the network and exfiltrates them back to Moscow
    31. • Primary Motivator: Money
        • Spies are friendly
        • Tradecraft
          › Chalk mailbox
          › Pass phrases
    32. • Started working for AMD in 1979
        • Walks up to the Cuban embassy in 1982 and says “I want to be spy”
        • 1989 communism is boring
        • 1992 he turns himself in to the CIA, becomes a double agent
        • 1992 he goes to work for Intel
        • 1994 he flies to South America and sells Pentium secrets
        • Tries to sell the secrets to North Korea, China, Iran, and AMD
    33. • Walked around picking up random documents and photocopying them
        • Used lots of photocopiers so security would never notice
        • Guards only looked for green or blue paper
        • Charismatic
          › Access to new tech was just because his friends gave it to him
          › Offered to do favors for everyone
          › Always befriended secretaries
    34. • Primary Motivation: Ideology
        • Good employees make good spies
        • Security theatre
    35. • Security programs
        • The best way to catch a somethingsomething is to act like a somethingsomething
        • Games to practice being a spy
    36. • Walk into a room, look around, and leave
          › How many people are in the room?
          › How many people of each age group?
          › What color are the cars parked outside?
          › What was everyone doing?
          › How detailed can you draw the room?
    37. • You need to choose which line to go into.
        • Profile the people in each line
          › Older, younger, attractive, tired, etc
        • Race the next person that uses the other line
        • Airports are great for this
    38. • Thought exercise: How, in the following roles, might you be able to exploit something in your organization?
          › Junior employee
          › Outside contractor
          › Delivery person
          › After hours staff
        • How can you remediate?
    39. The principal motivators of betrayal are also the principal motivators of success
    40. Think offensively about corporate spying
    41. Our OPSEC measures should include our own personal “Information Horizon”
    42. @antitree, antitree@gmail.com, antitree.com, http://is.gd/U8wOk8
