Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DEFCON: Burning the Lookout

310 views

Published on

Talk from the DEFCON 26 Packet Hacking Village (PHV) detailing the use of the lawful intercept system Vigia in Brazil.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DEFCON: Burning the Lookout

  1. 1. Burning the Lookout
  2. 2. ● Senior Security Researcher @ CrowdStrike ● Project Director / Intern @ MalShare ● Project Director @ Project 25499 ● Twitter: @SilasCutler ● Email: silascutler@riseup.net > whoami
  3. 3. Crash course in Lawful Intercept
  4. 4. ● Process, Tools, Ability for Law Enforcement to collect as part of investigations (wiretaps) ○ CALEA (Communications Assistance for Law Enforcement Act) ○ ESTI (European Telecommunications Standards Institute) ● Standard deployment ○ Intercept Access Point (IAP) ○ Mediation Device ○ Lawful Intercept Administration (LIA) Crash course on Lawful Intercept Cell Tower/Modem Provider Network Internet
  5. 5. Vigia
  6. 6. ● Pastebin 2015 ● Poster claimed to have hacked Brazilian Army after they did a CTF ● Post included: ○ 7000 Credentials ○ 3 Websites Backstory
  7. 7. ● Lawful Intercept Suite developed by SunTech Brazil ● (Mediation Device) ○ View intercepted data from service providers ○ Add new surveillance targets ● Where’s it used? Vigia
  8. 8. Hunting for Vigia ● What are distinct artifacts from these systems? ○ SSL ○ DNS ○ Page Content ● Censys / Shodan / Scans.io / Passive DNS for static patterns ○ /vigia/ or /suntech/ present in SSL certificates ○ vigia.<provider domain>
  9. 9. Why it matters
  10. 10. Why it matters ● Potential for unauthorized eavesdropping ● Previous targeting by foreign and domestic attackers ● Likely other similar systems in the wild
  11. 11. 211,046,525
  12. 12. Questions
  13. 13. Thank you // Fin

×