Successfully reported this slideshow.
Your SlideShare is downloading. ×

We couldbeheroes -recon2014

Jun. 28, 2014
3 likes 1,486 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Policy Briefing Presentation
Policy Briefing Presentation
Loading in …3
×

Check these out next

How European start-ups can make a business out of the US shut-down of privacy...
Moldova ICT Summit
InfraGard Cyber Tips: October, 2015
Ryan Renicker CFA
FOSS and activism
sky croeser
#Privacy presentation
bill kim
Currentissuesoncyberterrorpresentation
Brian_Andre
What we can learn from LulzSec
Positive Hack Days
Med122 hackers lecture
Rob Jewitt
Emerging world order
Curtis A. Carver Jr.
1 of 50 Ad

We couldbeheroes -recon2014

Jun. 28, 2014
3 likes 1,486 views

Download to read offline

Technology Business

ReCON 2014 Keynote

ReCON 2014 Keynote

Technology Business
Advertisement

Recommended

Policy Briefing Presentation
Patrick Thomas Cannon
104 views
13 slides
Cyber Warfare 4TH edition
Jorge Sebastiao
199 views
35 slides
Superweek 2019 - Hamel Hell
Stéphane Hamel
721 views
47 slides
CISummit 2013: Tom McAndrew, Discover Your Insider Threats through Their Network
Steven Wardell
897 views
11 slides
Green Hornet
Jason Norwood-Young
291 views
5 slides
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Cain Ransbottyn
1M views
36 slides
GOVERNMENT SURVEILANCE
Yusuf Qadir
680 views
9 slides
PATRIOT ACT: MICHELLE, XIMENA, DIEGO AND PABLO
Marce Bravo
455 views
7 slides
Advertisement

More Related Content

Slideshows for you (13)

How European start-ups can make a business out of the US shut-down of privacy...
Moldova ICT Summit
629 views
InfraGard Cyber Tips: October, 2015
Ryan Renicker CFA
77 views
FOSS and activism
sky croeser
749 views
#Privacy presentation
bill kim
244 views
Currentissuesoncyberterrorpresentation
Brian_Andre
167 views
What we can learn from LulzSec
Positive Hack Days
2.5k views
Med122 hackers lecture
Rob Jewitt
821 views
Emerging world order
Curtis A. Carver Jr.
261 views
Surveillance in the technology age
Anthony Flores
279 views
NSA Mass Spying and the Law
Rocket Matter, LLC
1.1k views
Security on social networks AVAST
Julia Szymańska
857 views
Cyberware
Ensar Seker
171 views
Introduction to Anonymous
The CivicLab
2.6k views
How European start-ups can make a business out of the US shut-down of privacy...
Moldova ICT Summit
629 views
17 slides
InfraGard Cyber Tips: October, 2015
Ryan Renicker CFA
77 views
1 slide
FOSS and activism
sky croeser
749 views
16 slides
#Privacy presentation
bill kim
244 views
7 slides
Currentissuesoncyberterrorpresentation
Brian_Andre
167 views
8 slides
What we can learn from LulzSec
Positive Hack Days
2.5k views
85 slides

Similar to We couldbeheroes -recon2014 (20)

Future_Radicals_Study_Guide_HIGH_RES
Jenny O'Meara
248 views
2600 v11 n4 (winter 1994)
Felipe Prado
691 views
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
Shubham Kumar Singh
1.2k views
Polinter11
Jeffrey Hart
198 views
nullcon 2010 - Underground Economy
n|u - The Open Security Community
16.6k views
Information and Technology Literacy in the Time of the Fancy Bear
center4edupunx
922 views
2600 v19 n4 (winter 2002)
Felipe Prado
798 views
5 biggest cyber attacks and most famous hackers
Roman Antonov
191 views
Famous hackers group
Ashokkumar Gnanasekar
70 views
Introduction to Hacktivism
Phil Huggins FBCS CITP
292 views
Zapatistas and online activism
Hillbilly Gothic
1.3k views
The End Game Hoax
Deborah Kayatani
569 views
Hacktivism 2: A brief history of hacktivism.
Peter Ludlow
43 views
Wini's Presentation on Racial Cyberhates Targeting Young People
artatipratiwi
632 views
Privacy reconsidered
Brian Rowe
638 views
CWFI Presentation Version 1
Brett L. Scott
579 views
Hacking And Its Prevention
Dinesh O Bareja
16.6k views
DEF CON 27 - JOSEPH MENN - change the world c dc style
Felipe Prado
80 views
Hackers & hacktivism
Bilal Ali
3.2k views
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
University of Calgary
520 views
Future_Radicals_Study_Guide_HIGH_RES
Jenny O'Meara
248 views
10 slides
2600 v11 n4 (winter 1994)
Felipe Prado
691 views
48 slides
Cybercrime criminal threats from cyberspace (crime, media, and popular cultur...
Shubham Kumar Singh
1.2k views
296 slides
Polinter11
Jeffrey Hart
198 views
20 slides
nullcon 2010 - Underground Economy
n|u - The Open Security Community
16.6k views
41 slides
Information and Technology Literacy in the Time of the Fancy Bear
center4edupunx
922 views
70 slides
Advertisement

Recently uploaded (20)

MachineLearning Seminar PPT.pptx
AmanDixit74
0 views
Data Enrichment in the Public Sector
Precisely
0 views
Diskusi HCI.pptx
cvgonet
0 views
typesofpatents-111011053928-phpapp02.ppt
PrajwalVKumar
0 views
TECHNIQUES OF OS. PRESENTATION 1.pptx
GamingZone551403
0 views
BSides London 2022 - Introducing varc_ Volatile Artifact Collector (2).pdf
MattMuir5
0 views
Combustible gas detection
Vedard Security Alarm System Store
0 views
DeFi and the New Composition of the Crypto Market
intotheblock
0 views
TOM Study materials -Unit 1-5 .pdf
JEDISONTHANGARAJ
0 views
SpotCameras the most interesting webcams on the internet.pdf
SONEVA KIRI, KOH KOOD, THAILAND
0 views
190180668-Actix-Cellrefs.pdf
SukeshBRaj2
0 views
DeFi Opportunities and Challenges in the Current Crypto Market
Jesus Rodriguez
0 views
Research network engineering: Community kick-off meeting
Jisc
0 views
hadoop overview.pptx
SachinSingh217687
0 views
cisco_edge_whitepaper.pdf
RaymondKoh23
0 views
Deployment, Performance, Agility and Flexibility using Trisotech Digital Dist...
Denis Gagné
0 views
MB PLOUGH.pptx
SatishPatilVk
0 views
WANI 3.0: Unleashing Business Innovation and Open Wireless Network Growth for...
ProductNation/iSPIRT
0 views
EDUCATIONAL_INNOVATION_Encep_Jendi_Mutaqin(1).pptx
sitiistikomahistikom
0 views
shaper PPT MAHESH (2).pptx
PMaheswarareddy
0 views
MachineLearning Seminar PPT.pptx
AmanDixit74
0 views
11 slides
Data Enrichment in the Public Sector
Precisely
0 views
23 slides
Diskusi HCI.pptx
cvgonet
0 views
33 slides
typesofpatents-111011053928-phpapp02.ppt
PrajwalVKumar
0 views
16 slides
TECHNIQUES OF OS. PRESENTATION 1.pptx
GamingZone551403
0 views
7 slides
BSides London 2022 - Introducing varc_ Volatile Artifact Collector (2).pdf
MattMuir5
0 views
20 slides

We couldbeheroes -recon2014

  1. 1. We Could Be Heroes Eva Galperin Global Policy Analyst, Electronic Frontier Foundation eva@eff.org @evacide
  2. 2. No, really. Big damn heroes.
  3. 3. Ok, more like this
  4. 4. In the beginning, there were kittens
  5. 5. Activists are vulnerable
  6. 6. Meanwhile, in Syria…
  7. 7. The stakes are high
  8. 8. February 2011, Syria unbans Facebook
  9. 9. Anti-Dissident Campaign Civil Unrest Begins January 26, 2011 Anti-Dissident Operations Discovered Fake Youtube [Deliver Malware] [Phishing] 2012 CNN Reporting Skype [Deliver Malware] Fake Facebook Deliver Malware
  10. 10. Phish All The Things
  11. 11. Phish All The Things
  12. 12. Phish All The Things
  13. 13. Phish All The Things
  14. 14. Phish All The Things
  15. 15. Phish All The Things
  16. 16. Phish All The Things Head of syrian opposition...
  17. 17. Fake Revolutionary Plans
  18. 18. Zero-Hour Plan for Aleppo
  19. 19. I’ve got a little list…
  20. 20. A message from Sheikh Adnan…
  21. 21. Encription... can haz?
  22. 22. Encription... can haz?
  23. 23. Anti Hacker
  24. 24. Anti Hacker
  25. 25. They’re ba-ack
  26. 26. Hijacked Facebook Group
  27. 27. A very bad day of malware analysis
  28. 28. False Flag
  29. 29. alosh66 Domains: alosh66.no-ip.info alosh66.myftp.org alosh66.servecounterstrike.net alosh66.linkpc.net Distinguishing feature: Predictable C2 domain naming convention. Tools: Dark Comet RAT BlackShades RAT
  30. 30. Attacks March 2012: Fake YouTube Website YouTube credential phishing DarkComet RAT June/July 2012: Skype phishing BlackShades RAT August 2012: Facebook phishing BlackShades RAT
  31. 31. dot28 Gang Domain: meroo.no-ip.org Distinguishing feature: Repeated use of 216.6.0.28 as C2. Tools: Dark Comet RAT Xtreme RAT
  32. 32. Dot28 Gang Operating from November 2012 to present Campaigns: Zero hour plan for the city of Aleppo Plans for a revolutionary high council Skype encryption program Anti-Hacker application Names of some militants in Syria and abroad who are wanted by the Syrian regime
  33. 33. Dot28 Gang 30+ DarkComet RAT samples connecting to 216.6.0.28 1 Xtreme RAT sample connection to 216.6.0.28 C&C stayed up during Internet blackout in Syria
  34. 34. Syrian students getting savvy
  35. 35. DarkcoderSc
  36. 36. Tools & Actors
  37. 37. Good morning Vietnam
  38. 38. Le Quoc Quan
  39. 39. Dieu Cay
  40. 40. Ceiling cat sez u want free flights and hotels nao?
  41. 41. Attacks on Vietnamese bloggers
  42. 42. Ethiopia: One Step Beyond
  43. 43. Thanks, Snowden
  44. 44. The game is afoot!
  45. 45. “"The current Ethiopian government has a well- documented history of human rights violations against anyone it sees as political opponents. Here, it wiretapped a United States citizen on United States soil in an apparent attempt to obtain information about members of the Ethiopian diaspora who have been critical of their former government. U.S. laws protect Americans from this type of unauthorized electronic spying, regardless of who is responsible." EFF Staff attorney Nate Cardozo
  46. 46. Meanwhile, in the UK…
  47. 47. Thanks! Many thanks to: John Adams, Morgan Marquis- Boire, Bill Marczak, Cooper Quintin, Cindy Cohn, Nate Cardozo, Citizen Lab, and Privacy International. Heroes and rock stars.

Editor's Notes

  • Ethiopia, by the way, is one of the NSA’s approved SIGINT partners. As you can see on this chart, taken from the Snowden documents published in Glenn Greenwald’s book “No Place to Hide,” Ethiopia received $450k from the NSA to build its surveillance capabilities, including those targeting “terrorists,” which is what the Ethiopian government calls political dissidents. Citizen Lab reports have found both FinFisher and HackingTeam command and control servers operating in Ethiopia. Given how relatively inexpensive these products are, $450k goes a long way towards covering those costs.
  • Three months later, I was put in touch with a person in Washington DC who provided technical support for Ginbot 7, known by the pseudonym Kidane. I explained the researcher’s findings, described FinFisher’s capabilities, and he allowed an expert to examine his computer for malware. Forensic analysis revealed that his computer had been infected with FinFisher’s surveillance tool, FinSpy. It had been uninstalled, but the uninstallation process had left traces which enabled us to know some of what the software had recorded and possibly exfiltrated back to the Ethiopian government. This data included Skype calls and Google searches. Further analysis traced the infection back to an infected Word document attachment that had been sent by agents of the Ethiopian government and forwarded to him.
  • Because the spying happened in the United States—in fact—Mr Kidane’s laptop never left the US, EFF is representing him in a lawsuit against the Ethiopian government. We are suing the Ethiopian government for violating the US wiretapping act and state privacy law.

    This case is important because it demonstrates that state-sponsored malware infections and can indeed are occurring in the U.S. against U.S. citizens. It seeks to demonstrate that warrantless wiretapping is illegal and can be the basis of a lawsuit in the United States, regardless of who engages in it.   
  • Meanwhile, British privacy watchdogs Privacy International the findings on Mr. Kidane’s computer, as well as Citizen Lab’s extensive research into the use of UK-based Gamma International’s surveillance software to facilitate human rights violations to put pressure on Her Majesty’s Revenue and Customs to investigate these exports. We expect that EF’s law suit and PI’s legal action will take a long time to work their way through the courts. The fight against governments that abuse human rights through targeted surveillance and the companies that sell to them, facilitating that abuse, but is a long one, but it would not be possible at all without public research directly linking human rights abuses to the surveillance software.
  • So, what do I want you to do with your next year of research? If you find malware targeting vulnerable groups, publish your research. Ideally, it should be written in a way that can be understood by journalists and activists and ordinary readers, who can turn it into advice for the targets and fodder for policy decisions—and if you can’t do that, partner with a journalist or activist from the affected community.

    If you are concerned about the possibly legal implications of publishing your research, contact me at the Electronic Frontier Foundation. We have an entire floor of lawyers who have been defending the rights of security researchers to publish their work for decades. If you are located outside of the United States, or you are concerned about legal action outside of the US, I can make a referral.

×