Long Live the Hacker

Stuart Coulson
@spcoulson
I’m a hacker
▪ I’m not a technical hacker
▪ BUT ... I know a lot of people who are!
▪ I’m a Social Engineer
▪ I work for a security company ...
... But I’m not representing them here
▪ I’m good at scaring you ... Be ready!

50   27   49

You can ensure the
safety of your
defence if you only
hold positions that
cannot be attacked.
50 million online attacks a year in the UK

Damage to the UK economy in 2012 was £27 billion

49% of parents take measures to protect their children online
You can ensure the
safety of your
defence if you only
hold positions that
cannot be attacked.

But can you really defend from hackers?


You are not safe.



You never were.

• 50+% of all web apps are vulnerable to Cross-Site Scripting (XSS)

• 31% of all vulnerabilities are in web apps

• 46+% of 3rd-party CMS plugins are left unpatched

• <6% of Android devices are up to date

You never will be.
Even when you
think you are, you
are not.


Even now, who
knows what is
happening to them
as they sit here?



Am I scanning your
devices as we speak?



Did you talk to me
earlier?

◦ What did I learn about you?


If security was working, then why:

◦ Were there still 50 million SUCCESSFUL attacks?

◦ Why did we have a £27 billion hit on the economy?
◦ Why are 51% of kids going unprotected online?
We buy products that will fix things
•But they don’t work on all attack surfaces, they don’t fix everything.

We don’t want the intrusive nature of security
•Security should be like glass: you know it’s there, but it’s not visible – this is rarely the case!

We listen to all these lectures and training programmes but we don’t implement it everywhere
•Security Apathy!
•I’m bored of Infosec, can I not just download a Torrent instead?
Courtesy of @Wh1t3Rabbit
‘secure’ isn’t realistic, and spending too much time on ‘prevention’ can in fact be dangerous.








A fire safe has two critical factors: time and temperature.
A 2-hour safe will withstand 2 hours of burn time at external temperatures of about 1,700 °F.
Beyond that 2 hours, it is left to luck, and probably doesn’t bode well for the contents.
The average fire crew response time is under 15 minutes to your curb, and then all you need is the time to put out the blaze.



Your security is like the safe.

Your security is there to make the criminal work harder for as long as possible, to give you as much time as possible to detect the attack.
SQLi – seconds (a successful injection lands in seconds, not hours)



Think:

◦ Detect, Deter, Respond
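The "SQLi – seconds" line is the whole argument in miniature: an automated injection lands in seconds, so the safe only helps if somebody is watching the clock. As an added illustration (not code from the talk or from @Wh1t3Rabbit), the script below scans a few constructed web-server access log lines for basic SQL injection signatures and reports how many seconds passed between the first probe and the first injected request the server answered with a 200. The log format (Apache/nginx "combined"), the indicator patterns and the sample lines are all assumptions made for the example.

```python
"""Added example (not from the talk): spotting the 'SQLi - seconds' case.
Scans constructed web-server access log lines for the simplest SQL
injection signatures and measures how little time the defender had
between the first probe and the first injected request that succeeded.
The log format is Apache/nginx 'combined'; the indicator patterns and
the log lines themselves are constructed for this example."""
import re
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample log (one attacker, 203.0.113.7, and one innocent user).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2013:14:02:01 +0100] "GET /products?id=42 HTTP/1.1" 200 1523
203.0.113.7 - - [12/Oct/2013:14:02:03 +0100] "GET /products?id=42%27 HTTP/1.1" 500 311
203.0.113.7 - - [12/Oct/2013:14:02:04 +0100] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 98211
203.0.113.7 - - [12/Oct/2013:14:02:06 +0100] "GET /products?id=42%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 200 40012
198.51.100.9 - - [12/Oct/2013:14:02:07 +0100] "GET /products?id=17 HTTP/1.1" 200 1499
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Indicators for the most common injection families, applied to the decoded
# query string.  A real deployment tunes these; they are illustrative.
SQLI_PATTERNS = [
    ("error-probe", re.compile(r"'\s*$")),                                 # lone quote to trigger a DB error
    ("tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)),      # ' OR '1'='1
    ("union-select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("comment-trailer", re.compile(r"(--|#|/\*)\s*$")),                    # chops off the rest of the query
    ("time-based", re.compile(r"\b(sleep|benchmark|waitfor\s+delay)\s*\(", re.I)),
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["decoded"] = unquote_plus(rec["path"])   # attackers URL-encode; match on the decoded form
    return rec


def classify(decoded_path):
    """Return the names of the indicators that fire on the query string of a decoded path."""
    query = decoded_path.partition("?")[2]
    return [name for name, rx in SQLI_PATTERNS if rx.search(query)]


def detect(log_text):
    """Return a time-ordered list of flagged requests from raw log text."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = classify(rec["decoded"])
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                             "hits": hits, "path": rec["decoded"]})
    return findings


def time_to_success(findings):
    """Seconds from the first flagged request to the first flagged request that
    was answered with HTTP 200: the window the safe bought the defender.
    None if no flagged request succeeded."""
    if not findings:
        return None
    first = findings[0]["ts"]
    for f in findings:
        if f["status"] == "200":
            return int((f["ts"] - first).total_seconds())
    return None


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for f in found:
        print(f["ts"].strftime("%H:%M:%S"), f["ip"], f["status"], ",".join(f["hits"]), f["path"])
    print("seconds from first probe to first successful injection:", time_to_success(found))
```

Run it as-is and it prints the three flagged requests and a one-second gap between the error probe and the first working tautology; point it at a real access log and the window between "Detect" and "Respond" is usually just as short. The patterns are deliberately crude; the point is the time budget, not the regexes.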
D-Link router
backdoors

Web App
vulnerabilities

EVERYTHING
Java

SCADA devices

WHMCS SQLi

BIND in DNS

EVERYTHING
Social Media

The internet of
INSECURE
things

This is going
to be a long
afternoon!




Type in an Instagram Hashtag
It shows you
◦ A picture
◦ Where it was tagged
◦ The link to the account

What was your username again?

Look up OggCamp

Did you take this?
8-bit Fignition.




Type in a location, select an area or type a Twitter handle
It shows you social media with location tags

Look up OggCamp

Is that your house?
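Here is the question "Is that your house?" in code, as an added example that is not part of the talk: given a handful of geotagged posts from one handle, the night-time posts cluster at one spot, and that spot is a fair guess at where the person sleeps. The posts, the handle and the coordinates are constructed for the example and nothing in it talks to a real service; the 150 m grid size and the 21:00 to 08:00 "night" window are assumptions.

```python
"""Added example (not from the talk): what a location tick box gives away.
Takes a handful of geotagged posts from one handle and guesses 'home' as
the spot where the night-time posts cluster.  The posts, handle and
coordinates are constructed for this example; nothing here reads a real
social-media API."""
import math
from collections import Counter
from datetime import datetime

# Constructed sample: (local timestamp, lat, lon, caption) for a fictional attendee.
SAMPLE_POSTS = [
    ("2013-10-19T09:10:00", 53.4808, -2.2426, "coffee before the talks #OggCamp"),
    ("2013-10-19T13:45:00", 53.4810, -2.2430, "lunch #OggCamp"),
    ("2013-10-19T23:30:00", 53.4123, -2.1630, "home at last"),
    ("2013-10-20T07:50:00", 53.4125, -2.1633, "sunday morning"),
    ("2013-10-20T12:00:00", 53.4809, -2.2428, "day two #OggCamp"),
    ("2013-10-20T22:15:00", 53.4121, -2.1627, "feet up"),
    ("2013-10-21T08:05:00", 53.4124, -2.1631, "work, ugh"),
]

GRID_M = 150          # cell size in metres: roughly one street, so GPS jitter collapses


def bucket(lat, lon, grid_m=GRID_M):
    """Snap a coordinate to a grid cell about grid_m metres on a side."""
    lat_m = 111_320.0                             # metres per degree of latitude
    lon_m = lat_m * math.cos(math.radians(lat))   # a degree of longitude shrinks with latitude
    return (round(lat * lat_m / grid_m), round(lon * lon_m / grid_m))


def is_night(ts, start=21, end=8):
    """True between 21:00 and 08:00, when most people post from home (assumed window)."""
    hour = datetime.fromisoformat(ts).hour
    return hour >= start or hour < end


def infer_home(posts, grid_m=GRID_M):
    """Return ((lat, lon), n) for the cell holding the most night-time posts,
    with the centroid of those posts, or None if no post is geotagged at night."""
    cells = Counter()
    members = {}
    for ts, lat, lon, _caption in posts:
        if lat is None or lon is None or not is_night(ts):
            continue
        cell = bucket(lat, lon, grid_m)
        cells[cell] += 1
        members.setdefault(cell, []).append((lat, lon))
    if not cells:
        return None
    cell, n = cells.most_common(1)[0]
    pts = members[cell]
    centroid = (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))
    return centroid, n


def strip_location(posts):
    """The same posts with the tick box off: coordinates removed, captions kept."""
    return [(ts, None, None, caption) for ts, _lat, _lon, caption in posts]


if __name__ == "__main__":
    print("with location on :", infer_home(SAMPLE_POSTS))
    print("with location off:", infer_home(strip_location(SAMPLE_POSTS)))
```

Three evening and early-morning posts are enough to put a pin within a street of the front door, while the daytime #OggCamp posts drop out as noise. Switching location off (strip_location) gives the same captions and no cluster at all, which is the whole difference the tick box makes.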


As much as we don’t
like them ... GCHQ



@grimmers92

◦ Arron Grimshaw
▪ Likes Drake, Basketball, has 3 kids, OY13NUC (Black Audi)

Jamesbmem

◦ James Shields (MCr)
▪ Xbox 360, 1 kid, Man Utd

Look up GCHQ

#The Lads #GCHQ
Saturday...


Yep ... We can look up GCHQ

Look up GCHQ

And I thought cameras were banned!
And all it takes is ... one little tick box
Is yours on or off?
Do you care?
Will you really turn it off because I ask you to?
Will your kids, spouse, friends?
Who needs PRISM / Echelon / or tin foil hats!!


So my big question I guess to the other 7 billion people I share the world with is ...



How can I get ‘you’ to wake up and smell the
coffee before the criminals take over?



How can the vendors EVER get ahead of the
criminals?



The harsh reality is that the criminals are
winning!


Because ...

◦ It only takes one person.
▪ Edward Snowden

◦ It only takes one vendor.
▪ Sony

◦ It only takes one leak.
▪ Julian Assange

◦ It only takes one unpatched machine.
▪ (too many to mention!)
Spread the love

Don’t hide

Let’s talk








C’mon who wants a digital hug ...

Help a friend
Help a relative
Help a school
Help a community






If you have an idea, don’t sit on it!

This ain’t going to fix itself!
Don’t find the faults, find the solutions





Get a blog going on the topic!
Write a SlideShare
Write some code
◦ THEN SHOUT ABOUT IT!!
Blog: Hiddentext.co.uk

Twitter: @SPCoulson

Personal

Security is dead, Long live the Hacker
