Jerry Gamblin gave a talk on lessons for security professionals from studying historical dictators and their programs. He discussed insider threats using examples like Caesar and Brutus, and Edward Snowden. For incident response, he examined Napoleon's execution of the Duke of Enghien. He questioned whether security programs focus too much on new tools over basics like user training and patching. Finally, he compared overreliance on technology without user training to Germany's defeat in WWII despite advanced weapons under Hitler.

1. Security Lessons from Dictators
#44Con
September 12th 2013

2. About me
Jerry Gamblin
Security Specialist
Missouri House Of Representatives
Contact Information:
Jerry.Gamblin@gmail.com
@jgamblin
www.jerrygamblin.com

6. About this talk
History does not repeat itself, but it
does rhyme.
- Mark Twain

7. Security Lessons from Dictators

8. Insider Threats
Et tu, Brute?

9. Gaius
Julius
Caesar
Dictator Perpetuo of The Roman Empire

10. Marcus Junius Brutus
49 BC: Fought with Pompey to Greece
during the civil war against Caesar.
48 BC: Pardoned by Caesar.
46 BC: Made governor of Gaul.
45 BC: Made Praetor.
44 BC: Murdered Caesar

12. How does your company defend
against insider threats?

13. Insider Threats
You can not detect and defend from insider threats from
behind your keyboard.

14. Insider Threats
Insider threats are not a technical issue alone.

15. Insider Threats
People who steal your unprotected information are not
hackers.

16. Edward Snowden
2004: Enlisted in the United States Army as a
Special Forces recruit.
2005: Security Guard for the National Security
Agency
2007: Network Administrator for the State
Department
2011: Worked for NSA in Japan.
2012: Contractor for Booze Allen Hamilton.
2013: Leaked NSA surveillance programs to
the press.

17. Could you have identified and
stopped Edward Snowden on your
network?

18. Incident Response
Executing of the Duke of Enghien.

19. Napoleon Bonaparte
Emperor of France

20. Louis Antoine
Duke of Enghien
•
Only son of Louis Henri de Bourbon.
•
Given the title Duke of Enghien at birth.
•
Military school at Commodore de Vinieux.
•
Fought in the French Revolutionary Wars
against France.
•
Married Charlotte de Rohan.
•
Arrested for allegedly being part of the
Cadoudal–Pichegru conspiracy

23. Incident Response
C'est pire qu'un crime, c'est une faute

24. How does your incident response
plan look in real life?

27. How can security professionals
handle investigations better?

28. Hacking Back
Suspending habeas corpus.

29. Abraham Lincoln
16th President of the United States of America

32. Hacking Back
You are engaged in repressing an insurrection against the laws
of the United States. If at any point on or in the vicinity of any
military line which is now or which shall be used between the
city of Philadelphia and the city of Washington you find
[resistance] which renders it necessary to suspend the writ of
habeas corpus for the public safety, you personally or through
the officer in command at the point where resistance occurs are
authorized to suspend that writ.
Lincoln to General Winfield Scott on April 27, 1861

33. Article 1. Section 9.
of the United States Constitution
The privilege of the writ of
habeas corpus shall not be
suspended (by congress),
unless when in cases of
rebellion or invasion the
public safety may require
it.

34. Ex parte Merryman
Such is the case now before
me, and I can only say that if
the authority which the
constitution has confided to
the judiciary can be usurped
by the President the people of
the United States are no longer
living under a government of
laws.

35. Jon Huntsman
Commission on
Theft of American Intellectual Property
Without damaging the
intruder’s own network,
companies that experience
cyber theft ought to be able to
retrieve their electronic files or
prevent the exploitation of their
stolen information.

38. We'd politely remind
them there's a federal
criminal statute
barring that.
Justice Department's Computer Crime and
Intellectual Property Section.

40. What do you think the future of
hacking back (active defense) is?

41. Advanced Tools Over Proven Techniques
Next Generation Everything!!!!!

42. I am getting ready to use Adolf Hitler and WWII to make a point
about network security. I am not trying to be flippant or
disrespectful in the slightest and I understand the extreme cost
of war.

43. Adolf
Hitler
Führer of Germany

44. Wunderwaffe
Sturmgewehr 44 - The first assault rifle
Horten Ho 229 - A turbojet flying wing stealth
jet fighter/bomber
Flettner Fl 265 - The world's earliest known
airworthy synchropter
Schwerer Gustav - An 800mm railway gun
V2 - First human-made object to achieve
sub-orbital spaceflight

50. It has been argued that Germany lost
WWII by picking advanced tools over
proven techniques…

51. … just like IT security.
 Highly Trained Staff
 Everyone has a CISSP!
 No End User Training
 Unless mandated
 Patch Management System
 End Users Have Admin Rights.
 Next Generation Firewall
 No Auditing of Web Apps.
 Shiny SIEM
 No one actually checks logs.
 New Security Policy Guidelines
 Shadow IT has taken over.

53. Why do security professionals have
such a hard time getting the basics
right?

54. Poor Security Awareness Training
USB Drives Don’t Grown In The Desert

55. Grand Ayatollah Seyed
Ali Hosseini Khamenei
Supreme Leader of Iran

56. Nuclear Program of Iran
• 1957: The United States and Iran sign a civil nuclear co-operation agreement as part of the
U.S. Atoms for Peace program.
• 1968: Iran signs the Nuclear Non-Proliferation Treaty and ratifies it.
• 1979: Iran's Islamic revolution puts a freeze on the existing nuclear program.
• 1982: Iranian officials announced that they planned to build a reactor powered by their
own uranium at the Isfahan Nuclear Technology Centre.
• 1995: Iran signs an $800 million contract with the Russian Ministry of Atomic Energy in Busheh.
• 2002: The United States accuses Iran of attempting to make nuclear weapons.
• 2004: Iran removes seals placed upon uranium centrifuges by the International Atomic
Energy Agency and resumes construction of the centrifuges at Natanz.

58. Iranian Nuclear Scientist Killed
• Masoud Alimohammadi
• January 12, 2010
• Majid Shahriari
• November 29, 2010
• Fereydoon Abbasi
• November 29, 2010
• Darioush Rezaeinejad
• July 23, 2011
• Mostafa Ahmadi-Roshan
• January 11, 2012

60. Stuxnet
• Computer worm discovered in June 2010
• Written by the US and Israel to attack Iran's
nuclear facilities
• Stuxnet infects PLCs by subverting the Step-7
software application that is used to
reprogram these devices.
• It is initially spread using USB flash drives.

61. Bruce Schneier
I personally believe that
training users in security is
generally a waste of time, and
that the money can be spent
better elsewhere.

64. What are your thoughts on security
awareness programs?

65. Misplaced Priorities

66. Kim
Jong-un
• First Secretary of the Workers' Party of Korea
• First Chairman of the National Defense
Commission of North Korea
• Commander of the Korean People's Army

67. North Korean Nuclear Program
Phase I (1956–80) Start of North Korea’s
domestic plutonium production program.
Phase II (1980–94) Growth of North
Korea’s domestic plutonium production
program.
Phase III (1994–2002) covers the period of
the "nuclear freeze".
Phase IV (2002–present) Renewed
nuclear activities and tests.

74. What does your priority list look like
for your security program?

75. Questions?

76. Contact Info
Jerry Gamblin
Security Specialist
Missouri House Of Representatives
Contact Information:
Jerry.Gamblin@gmail.com
@jgamblin
www.jerrygamblin.com

77. Thank You

78. Richard Clarke
“If you spend more on printer
ink than on IT security, you will
be hacked. What's more, you
deserve to be hacked."