Robert Rowley, profile picture
Uploaded byRobert Rowley
ODP, PPTX1,708 views

Detecting and Defending Your Privacy Against State-Actor Surveillance

The document discusses various methods for detecting and defending against state-actor surveillance, highlighting issues such as hardware and software bugs, WiFi monitoring, and persistent compromise devices. It emphasizes the importance of evidence in identifying surveillance tools and suggests further reading for more information. The speaker invites engagement and discussion on the topic via Twitter.

Embed presentation

Download as ODP, PPTX
Detecting & Defending Against State-Actor Surveillance Robert R @iamlei
Intro whoami uid=1(robert)groups=(speaker,advocate,researcher,IVU) @iamlei
Breakdown ● I have only 20 minutes ... ● ● ● ● ● Hardware bugs Software bugs Wifi monitoring Cell phone bugs/monitoring Conclusions
Surveillance Skymall leaks
Hardware Bugs Retro Reflectors SURLYSPAWN LOUDAUTO RAGEMASTER TAWDRYYARD
Hardware Bugs RF Bug Prevention
Hardware Bugs RF Bug Prevention
Hardware Bugs RF Bug Detection HackRF or Any Radio Frequency Monitor
Hardware Bugs Data Exfiltration COTTONMOUTH I, II, III HOWLERMONKEY GINSU FIREWALK
Persistent Compromise GODSURGE HEAD/HALLUX WATER SCHOOL/SIERRA/STUCCO MONTANA JETPLOW FEED/GOURMET/SOUFFLE TROUGH
Detecting Persistent Compromise Devices
Detecting Persistent Compromise Devices
Software Exploits SWAP IRATEMONK WISTFULTOLL DEITYBOUNCE
BIOS/Firmware/CF Card Hacked? Re-Flash Devices
Wifi Devices SPARROW NIGHTSTAND
Cell Phone Bugs Base Stations CYCLONE CROSSBEAM, EBSR, ENTOURAGE, NEBULA, TYPHO Intelligence GENESIS, WATERWICH, CANDYGRAM
Cell Phone Bugs
Conclusions ● Bugs are detectable Many are based on attacks covered in Hacker cons ● Hard evidence is better than Hearsay I want to hear from the first person who finds one! ● Tin-Foil hats are not stylish
Further Reading & Sources ● Michael Ossmann (ossmann.blogspot.com) ● Bruce Shneier (www.schneier.com) ● http://leaksource.files.wordpress.com ● http://PrivacyTechJournal.com Harass me on twitter: @iamlei

More Related Content

PDF
Catalogue
byMaxpromotion
 
DOCX
Mark Jensen Resume
byMark Jensen
 
PDF
Eod & facility equipment presentation
bysecurityprousa
 
PDF
Catálogo CFTV
byMateus Francisco
 
PPTX
pre-production documents
bydinu0777
 
ODP
Privacy; Past, Present and Future
byRobert Rowley
 
PDF
WordPress Security (know your enemy WordCamp Kyoto)
byRobert Rowley
 
ODP
Wordpress Security 101
byRobert Rowley
 
Catalogue
byMaxpromotion
 
Mark Jensen Resume
byMark Jensen
 
Eod & facility equipment presentation
bysecurityprousa
 
Catálogo CFTV
byMateus Francisco
 
pre-production documents
bydinu0777
 
Privacy; Past, Present and Future
byRobert Rowley
 
WordPress Security (know your enemy WordCamp Kyoto)
byRobert Rowley
 
Wordpress Security 101
byRobert Rowley
 

Recently uploaded

PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PDF
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
PDF
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
PPTX
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
PDF
MAD (1).pdf Mobile application develipment
byprathiT1
 
PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
PDF
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PPTX
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
PDF
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PDF
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
PDF
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PPT
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
Pizza Chain Market Data Scraping for Better Insights Report.pptx
byWeb Data Crawler
 
MAD (1).pdf Mobile application develipment
byprathiT1
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Regenerative Agriculture Finance : Environmental impact
byrose mason
 
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 

Featured

PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
Skeleton Culture Code
bySkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 

Detecting and Defending Your Privacy Against State-Actor Surveillance

Editor's Notes

  • #3 I've been part of the hacker 'scene' for the majority of my life now, I present a lot about security, and care a lot about civil rights, here is where the two intersect I don't take well to hearsay arguments (e.g.. someone saying “this is how it is!” without evidence) I really care about government spying, after my experience at a young age with a FBI visit to my house (that was a scare n' care, abusing the patriot act) I care more now, after holding a job where I regularly addressed inquiries (subpoena/warrants) from intelligence agencies.
  • #4 Appelbaum made a big stink at 30c3. Lots of talk about what they were using, but nothing about what to do... so this is the missing part of that talk. Released a 'catalog' of tools/bugs intelligence agencies could buy for surveillance needs. I will cover the 'how to detect', and where possible 'how to defend' against these surveillance bugs. I will hope I get bugged myself, more than deal with some crazy plot (don-pope-tinefoil-hat)
  • #6 RF transmitters, unknown frequencies Surlyspawn: Keyboard Ragemaster: VGA cable (red line) Loudauto: Embedded microphone Tawdryyard: Radio Beacon (think RFID) Defenses: RF bug sniffer, physical inspection
  • #7 HackRF Complaicaiotns: knowing frequencies
  • #8 HackRF Complaicaiotns: knowing frequencies
  • #9 HackRF Complaicaiotns: knowing frequencies
  • #10 COTTONMOUTH: Every USB bug possible GINSU: PCI bus bug HOWLERMONKEY: RF transceiver (works with other things) FIREWALK: Ethernet bug (inject traffic)
  • #11 Devices injected either directly to JTAG (godsurge), BIOS, or comapct flash cards (*montana) to provide persistent compromise on a device
  • #12 Look inside
  • #13 Look inside
  • #14 SWAP/IRATEMONK (Hard drive firmware/MR) WISTFULTOLL/DIETBOUNCE (motherboard BIOS)
  • #15 SWAP/IRATEMONK (Hard drive firmware/MR) WISTFULTOLL/DIETBOUNCE (motherboard BIOS)
  • #16 SPARROW – UAV NIGHTSTAND – More worried about pineapple's from Hack5
  • #17 CellTower Canary or Pair of pants with RF signal blocking pockets (e.g.. don't bring your devices where you dont want to be tracked)
  • #19 Remember: This is the same government that could not roll out a health insurance website.