BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)

  1. Politics & Power in Cybersecurity. Pukhraj Singh, @RungRage
  2. Power & Conflict in Meatspace* (graph: axes Territoriality, Causality, Proportionality, Legality; categories War, Crime, Espionage, Defence)
     * This graph is a rough generalisation
  3. Power & Conflict in Cyberspace (graph: same axes and categories as slide 2)
  4. A Contested Territory: “Cyberspace is [a] continuously contested territory in which we can control memory & operating capabilities some of the time but cannot be assured of complete control all of the time or even of any control at any particular time” -- Richard Danzig, adviser to President Obama
  5. A Contested Territory: “Possession, ownership & control [of data & assets in cyberspace] do not overlap” -- Thomas Dullien, Google Security
  6. A Contested Territory: “[Cyber] offence & defence is the wrong dichotomy: it should be control & non-control” -- Dave Aitel, former NSA cyber operative
  7. A Contested Territory: “Think about it for a moment - we share the same network with our adversaries” -- George Tenet, former CIA director (exactly 20 years ago)
  8. A Contested Territory: This anxiety around the paradox of control, or the lack of it, in cyberspace has not waned even a bit
  9. A Contested Territory: “NSA’s aim: mass compromise & expansion of compromise boundaries” -- Morgan Marquis-Boire, former writer with The Intercept (possibly inspired by Dullien’s work). Try replacing “boundaries” with “territories”…
  10. Structural Dominance of Offence via Politics: “If we were to score cyber the way we score soccer, the tally would be 462-456 twenty minutes into the game, i.e., all offence” -- Chris Inglis, former deputy director with the NSA
  12. Structural Dominance of Offence via Politics: Cyber offensive A-teams rely more on political subterfuge than technical
     • NSA’s TAO, SCS, etc., are hybrid & interdisciplinary teams
     • “Insert vulnerabilities into commercial encryption systems, IT systems, networks, & endpoint communications devices used by targets” -- 2012 budget document of the NSA
     • Traditional cryptanalysis & hacking gave way to clandestine intelligence activities or black-bag jobs of TAO via the CIA, DIA, FBI, State Dept., NSF & NIST
     • “[S]ecret efforts by the U.S. intelligence community to interdict the shipment of advanced encryption technology to America's enemies around the world & insert ‘back doors’ into commercially available computer, communications, and encryption technologies” -- Matthew Aid, Foreign Policy
  13. Structural Dominance of Offence via Politics: Cyber offensive A-teams rely more on political subterfuge than technical
     • “[T]he NSA reviewed National Science Foundation grant…the agency appeared to use this process to exercise control over nongovernmental cryptography research”
     • “[T]he NSA reviewed & approved an NSF grant application from Ron Rivest…An internal NSA history suggests that the agency would have tried to derail Rivest's grant application if the reviewers had understood what Rivest would do with the money” -- Henry Corrigan-Gibbs, Stanford Magazine
  14. Structural Dominance of Offence via Politics: Cyber offensive A-teams rely more on political subterfuge than technical
     • “The [EuroCrypt’92] conference again offered an interesting view into the thought processes of the world’s leading ‘cryptologists.’ It is indeed remarkable how far the Agency has strayed from the True Path” -- An anonymous NSA cryptologist writing for CryptoLog, an agency newsletter declassified in 2014
  15. Structural Dominance of Offence via Politics: But why political? To rewrite the physics of the domain at will
     • “Investment in a high end "Man on the Side" technology stack can run you into the billions. You'd better hope the meta doesn't change until your investment pays off. And what are the strategic differences between TAO-style organizations and the Russian/Chinese way? It's possible to LOSE if you don't understand & adapt to the current up-to-date Meta of the domain you are in, no matter what your other advantages are” -- Dave Aitel
  16. Structural Dominance of Offence via Politics: Cyber Meta has a political architecture
     • TURMOIL/QUANTUM: “Relies on its secret partnerships with US telecoms companies”
     • BULLRUN: “There will be NO 'need to know’”
  17. Structural Dominance of Offence via Politics: Cyber offensive A-teams rely more on political subterfuge than technical
     Dave Aitel
     • The SuperMicro story, even if partially true, follows the same political template of A-team operations
     • Were the Chinese using political leverage to tackle attribution?
  18. Structural Dominance of Offence via Politics: Political bureaucracy as the technical signature of a cyber operation. Lineage & Mathematics
     • Wernher von Braun et al. > US space programme
     • Nazi rocket scientists Helmut Gröttrup et al. > Soviet space programme
     • CV Raman > Homi Bhabha > Vikram Sarabhai > Indian space programme
  19. Structural Dominance of Offence via Politics: Political bureaucracy as the technical signature of a cyber operation
     • “Your adversary has a boss and a budget” -- The Grugq
     • It defines operational tooling, tactics & tempo of the offensive team
     • Is code reuse a technical thing or an expression of political semantics?
     • Exploitation is a technology tree & targeting is limited by policy restrictions -- Aitel
     • Did Metasploit originate in the public from the exploitation Meta of pre-2004 TAO toolchains?
  20. Structural Dominance of Offence via Politics: Political bureaucracy as the technical signature of a cyber operation. Code Reuse: Opcodes & Ontology
     • 2006: Thomas Dullien ran a “phylogenetic clustering algorithm” on a genus of malware, finding that “although we have ~200 samples, we only have two large families, three small families, two pairs of siblings, & a few isolated samples”
     • 2011: Google acquires Zynamics
     • 2012: Google acquires VirusTotal
     • 2017:
  21. Structural Dominance of Offence via Politics: Political bureaucracy as the technical signature of a cyber operation. Code Reuse: Opcodes & Ontology
     • 2018:
  22. Structural Dominance of Offence via Politics: Political bureaucracy as the technical signature of a cyber operation. Code Reuse: Opcodes & Ontology
     • Exploitation is a technology tree
     • Operation Aurora -> Barium/Winnti/APT17/Axiom
     • Winnti >>> Hashing subroutine <<< ShadowPad/NetSarang
     • Winnti >>> base64 <<< CCleaner Stage 1
     • Winnti >>> String obfuscation <<< CCleaner Stage 2
     (Sources: Costin Raiu, Kaspersky & Intezer)
  23. Structural Dominance of Offence via Politics: Politics influences industry choices & dynamics
     • The ciphers you use
     • The processors, routers & antivirus you run
     • The defensive “innovations” in the security industry
     • The unjustifiable persistence of centralized architectures like DNS, SSL & BGP, etc.
     • Bug classes like Spectre & Meltdown
     • What hackers say, or do not say
  24. Structural Dominance of Offence via Politics: The political choice for markets like India is whether to choose Kaspersky or FireEye
     • Cybersecurity vendors become foot soldiers
     • Malware used by the U.S. in offensive cyber-operations plays “nice”…“We see guardrails on malware from nations like the U.S.” -- Kevin Mandia, CEO, FireEye
     • CyberScoop recently reported that FireEye had drawn a red line around exposing certain activities by so-called “friendlies”
  25. Structural Dominance of Offence via Politics: Politics severely degrades the defensive architecture. Imagine this for commercial-grade enterprise security?
  26. Cybersecurity as A Function of Power: “[C]ybersecurity is all about power & only power” -- Dan Geer, CISO, In-Q-Tel
  27. Cybersecurity as A Function of Power: “Cyberweapons are power projection tools” -- Gen. Michael Hayden, former director of the CIA & NSA
  28. Cybersecurity as A Function of Power: The Declaratory Model: 1995-2014. Aitel labelled Stuxnet as the “announcement of a team” more than anything else, which could take out any factory, any time. The current structures of offence are biased towards declaratory dominance
  29. Cybersecurity as A Function of Power: The Escalatory Puzzle. “Look, we’re moving into a new era here where a number of countries have significant capacities…But our goal is not to suddenly, in the cyber arena, duplicate a cycle of escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so everybody’s acting responsibly” -- Barack Obama, 2016
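The code-reuse ontology on slides 20 to 22 (a hashing subroutine shared between Winnti and ShadowPad, a base64 routine shared with CCleaner Stage 1) is the kind of evidence that Dullien's "phylogenetic clustering" mechanises: fingerprint every function, score pairs of functions for similarity, and let samples that share a routine fall into one family. The Python below is an added illustration written for this page; it is not code from the keynote, from Zynamics/Google, or from the Kaspersky and Intezer analyses it cites. It fingerprints each function by the set of instruction-mnemonic trigrams it contains, scores function pairs with Jaccard similarity, and groups samples into families by single-linkage over a threshold. All sample names, function names and mnemonic sequences are constructed stand-ins for disassembly, not real malware code.

```python
"""Code-reuse clustering on constructed samples (illustrative, not from the talk).

Each "sample" is a dict of function name -> list of instruction mnemonics,
a stand-in for what a disassembler would give you.  A function is
fingerprinted by its set of mnemonic trigrams; two samples are linked when
any pair of their functions reaches a Jaccard threshold; linked samples are
merged into families with a union-find (single linkage, so a family can be
held together transitively through a third sample, like a technology tree).
"""
from itertools import combinations

NGRAM = 3        # mnemonic n-gram length used for the fingerprint
THRESHOLD = 0.5  # minimum Jaccard score for two functions to count as "the same routine"

# Constructed mnemonic sequences.  HASH_SUB_V is HASH_SUB with one opcode
# swapped (rol -> ror), i.e. a lightly recompiled or patched copy.
HASH_SUB = ["push", "mov", "xor", "mov", "rol", "xor", "add", "cmp", "jne", "pop", "ret"]
HASH_SUB_V = ["push", "mov", "xor", "mov", "ror", "xor", "add", "cmp", "jne", "pop", "ret"]
B64_DEC = ["push", "mov", "shl", "or", "shr", "and", "mov", "lea", "cmp", "jb", "pop", "ret"]
CRC_SUB = ["push", "mov", "shr", "xor", "and", "mov", "dec", "jnz", "pop", "ret"]
ENTRY_A = ["push", "mov", "call", "test", "jz", "call", "pop", "ret"]
ENTRY_B = ["sub", "lea", "call", "test", "jz", "mov", "call", "add", "ret"]
ENTRY_C = ["push", "sub", "call", "mov", "test", "jnz", "add", "pop", "ret"]
LOADER = ["push", "mov", "call", "mov", "call", "jmp"]

# Constructed corpus.  The names only echo the slide's lineage; nothing here
# is taken from real binaries.
SAMPLES = {
    "winnti_like": {"hash_sub": HASH_SUB, "b64_decode": B64_DEC, "entry": ENTRY_A},
    "shadowpad_like": {"sub_4010": HASH_SUB_V, "loader": LOADER},  # variant of the hash routine
    "ccleaner_like": {"decode": B64_DEC, "entry": ENTRY_B},        # verbatim copy of the base64 routine
    "unrelated": {"crc": CRC_SUB, "entry": ENTRY_C},               # shares no routine with the others
}


def ngrams(mnemonics, n=NGRAM):
    """Set of mnemonic n-grams: the function's fingerprint."""
    return {tuple(mnemonics[i:i + n]) for i in range(len(mnemonics) - n + 1)}


def jaccard(a, b):
    """Jaccard similarity of two fingerprint sets (0.0 when both are empty)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def best_match(sample_x, sample_y):
    """(score, function_in_x, function_in_y) for the most similar function pair."""
    best = (0.0, None, None)
    for fx, mx in sample_x.items():
        for fy, my in sample_y.items():
            score = jaccard(ngrams(mx), ngrams(my))
            if score > best[0]:
                best = (score, fx, fy)
    return best


def cluster(samples, threshold=THRESHOLD):
    """Return (families, links): families as sorted lists of sample names,
    links as (sample_x, fn_x, sample_y, fn_y, score) for every pair that
    reached the threshold."""
    parent = {name: name for name in samples}

    def find(x):  # union-find with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    links = []
    for x, y in combinations(samples, 2):
        score, fx, fy = best_match(samples[x], samples[y])
        if score >= threshold:
            links.append((x, fx, y, fy, round(score, 2)))
            parent[find(x)] = find(y)

    families = {}
    for name in samples:
        families.setdefault(find(name), []).append(name)
    return sorted(sorted(members) for members in families.values()), links


if __name__ == "__main__":
    fams, links = cluster(SAMPLES)
    for x, fx, y, fy, score in links:
        print(f"{x}:{fx} ~ {y}:{fy}  jaccard={score}")
    for members in fams:
        print("family:", ", ".join(members))
```

Run as written, the constructed corpus collapses into two families: the three lineage samples and the unrelated one. Note that `shadowpad_like` and `ccleaner_like` share no routine with each other and are held together only through `winnti_like`, which is exactly the transitive "technology tree" the slide describes. The caveat a practitioner would add before trusting such a graph: compiler prologues, runtime and statically linked library code are shared by every binary, so real pipelines exclude known-library and very short functions first, or the whole corpus becomes one family and the attribution signal disappears.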
