WHO NEEDS SECRET SERVICES? INTELLIGENCE@HOME
Dr Vasileios Vlachos
Professor of Technological Applications
Department of Computer Science and Engineering
School of Technological Applications
Technological Educational Institute (TEI) of Thessaly
Snowden leaks: Tailored Access Operations (TAO)
Edward Snowden nominated for Nobel peace prize…
“traitor to the oath he took to his fellow employees, to the duty he took freely by his own choice.”
Secretary of State John Kerry
Global Surveillance
Source https://en.wikipedia.org/wiki/Global_surveillance_disclosures_%282013%E2%80%93present%29
China: People’s Liberation Army (PLA)
• People’s Liberation Army, GSD 3rd Department, 2nd
Bureau (Unit 61398) && Shanghai Jiao Tong University?
North Korea: Korean People’s Army (KPA)
• Joint Chiefs Cyber Warfare Unit
• Enemy Secret Department Cyber Psychological Warfare Unit 204
• Central Party’s Investigation Department Unit 35
Rising Powers and Asymmetric Threats
Russia:
• Center for Research of Military Strength of Foreign Countries
• GRU
• Federal Commission for Government Communication and Information, FAPSI
Post mortem analysis of a cyber attack
• They utilize the same registrars (e.g. NAUNET) as sites with fake passports, ATM skimmers and child pornography (WHOIS information)
• They use the same IP blocks / providers (steadyhost.ru), physically located next to the Center for Research of Military Strength of Foreign Countries / GRU
• Operated by SoftLayer Technologies (StopBadware.org Top 10 worst badware network blocks)
• And the servers could not be disconnected even after 45 days and multiple requests at the highest level
StopGeorgia.ru
Offending ISP provider next to the Center for Research of Military Strength of Foreign Countries / GRU
Source: Jeffrey Carr, co-founder of Project Grey Goose and author of the book Inside Cyber Warfare
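The slide above attributes infrastructure by pivoting on shared WHOIS registrars and shared hosting netblocks. The following is an added example of that pivot (not code from Project Grey Goose or from the presentation): the domains, registrar names, IP addresses and provider prefixes are constructed placeholders from documentation ranges, and the record layout is an assumption.

```python
"""Infrastructure pivoting on WHOIS/hosting data (added example, constructed data).
Given a seed domain, find other domains that share its registrar and/or sit in
the same provider netblock, the two links the post-mortem slide relies on."""
from collections import defaultdict
import ipaddress

# Constructed WHOIS-style records: one row per domain (assumed layout).
RECORDS = [
    {"domain": "attack-site.example", "registrar": "REG-A", "ip": "203.0.113.17"},
    {"domain": "fake-passports.example", "registrar": "REG-A", "ip": "203.0.113.40"},
    {"domain": "skimmer-shop.example", "registrar": "REG-A", "ip": "198.51.100.9"},
    {"domain": "news-portal.example", "registrar": "REG-B", "ip": "192.0.2.5"},
    {"domain": "c2-fallback.example", "registrar": "REG-C", "ip": "203.0.113.201"},
]

# Constructed hosting table: provider name -> prefixes it announces (assumed).
NETBLOCKS = {
    "HOST-X": ["203.0.113.0/24"],
    "HOST-Y": ["198.51.100.0/24", "192.0.2.0/24"],
}


def provider_for(ip):
    """Return the provider whose netblock contains `ip`, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for provider, prefixes in NETBLOCKS.items():
        if any(addr in ipaddress.ip_network(p) for p in prefixes):
            return provider
    return None


def pivot(seed, records=RECORDS):
    """Map every other domain linked to `seed` to the sorted list of links
    ('registrar:<name>' and/or 'netblock:<provider>') it shares with it."""
    seed_rec = next(r for r in records if r["domain"] == seed)
    seed_provider = provider_for(seed_rec["ip"])
    links = defaultdict(set)
    for rec in records:
        if rec["domain"] == seed:
            continue
        if rec["registrar"] == seed_rec["registrar"]:
            links[rec["domain"]].add("registrar:" + rec["registrar"])
        provider = provider_for(rec["ip"])
        if provider is not None and provider == seed_provider:
            links[rec["domain"]].add("netblock:" + provider)
    return {domain: sorted(kinds) for domain, kinds in links.items()}


def strongest_links(seed, records=RECORDS):
    """Domains sharing BOTH registrar and netblock with the seed: the pairing
    the slide uses to tie the attack site to the criminal hosting cluster."""
    return sorted(d for d, kinds in pivot(seed, records).items() if len(kinds) == 2)


if __name__ == "__main__":
    for domain, kinds in pivot("attack-site.example").items():
        print(domain, kinds)
```

A single shared registrar is weak evidence on its own (large registrars host everything); the example therefore reports each link kind separately and offers `strongest_links` for the domains that overlap on both axes.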
VP Sergei Ivanov and P. Vrublevsky (Red)
Source: http://www.krebsonsecurity.com
Who needs secret services? Location tracking
Creepy:
• Flickr
• EXIF tags
• Tweets
• Foursquare check-ins
Raytheon Rapid Information Overlay Technology (RIOT):
• Facebook
• Twitter
• Gowalla
• Foursquare
The Call of the Crowd: Event Participation in Location-based Social Services. Petko Georgiev, Anastasios Noulas, Cecilia Mascolo. In Proceedings of the Eighth International AAAI Conference on Weblogs and Social Media (ICWSM 2014). Ann Arbor, Michigan, USA, June 2014.
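Of the sources listed above, EXIF tags are the one that needs no social-network account at all: a photo uploaded with its metadata intact carries the GPS IFD the camera wrote. The following added example (not Creepy's code and not part of the presentation) builds a minimal JPEG that contains only a little-endian Exif/TIFF block with a GPS IFD, then walks the JPEG segments and the IFD chain to recover the coordinates in decimal degrees; the coordinate values used are constructed.

```python
"""Read GPS coordinates out of a JPEG's Exif block (added example).
Builds a constructed little-endian Exif JPEG, then parses it back."""
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag that points at the GPS sub-IFD


def build_exif_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed test input: SOI + one APP1/Exif segment + EOI.
    lat_dms/lon_dms are ((deg,den),(min,den),(sec,den)) rational triples."""
    tiff = b"II" + struct.pack("<HI", 0x2A, 8)          # TIFF header, IFD0 at 8
    tiff += struct.pack("<H", 1)                          # IFD0: one entry
    tiff += struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 26)  # LONG -> GPS IFD at 26
    tiff += struct.pack("<I", 0)                          # no next IFD
    lat_off, lon_off = 80, 104                            # rational data after GPS IFD
    tiff += struct.pack("<H", 4)                          # GPS IFD: four entries
    tiff += struct.pack("<HHI", 1, 2, 2) + lat_ref.encode() + b"\x00\x00\x00"  # LatRef
    tiff += struct.pack("<HHII", 2, 5, 3, lat_off)        # Latitude: 3 RATIONALs
    tiff += struct.pack("<HHI", 3, 2, 2) + lon_ref.encode() + b"\x00\x00\x00"  # LonRef
    tiff += struct.pack("<HHII", 4, 5, 3, lon_off)        # Longitude: 3 RATIONALs
    tiff += struct.pack("<I", 0)
    for num, den in lat_dms + lon_dms:
        tiff += struct.pack("<II", num, den)
    payload = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"


def _find_exif(jpeg):
    """Walk JPEG marker segments; return the TIFF block of the APP1/Exif segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        if jpeg[pos] != 0xFF or marker in (0xD9, 0xDA):  # EOI or SOS: no more headers
            return None
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        data = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and data.startswith(b"Exif\x00\x00"):
            return data[6:]
        pos += 2 + seglen
    return None


def _read_ifd(tiff, endian, offset):
    """Return {tag: (type, count, raw 4-byte value-or-offset)} for one IFD."""
    count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, n, tiff[e + 8:e + 12])
    return entries


def _dms_to_decimal(tiff, endian, raw, ref):
    """Three RATIONALs (deg, min, sec) at the offset in `raw` -> signed degrees."""
    off = struct.unpack(endian + "I", raw)[0]
    vals = []
    for i in range(3):
        num, den = struct.unpack(endian + "II", tiff[off + 8 * i:off + 8 * i + 8])
        vals.append(num / den)
    degrees = vals[0] + vals[1] / 60 + vals[2] / 3600
    return -degrees if ref in ("S", "W") else degrees


def exif_gps(jpeg):
    """Return (lat, lon) in decimal degrees, or None if the file carries no GPS IFD."""
    tiff = _find_exif(jpeg)
    if tiff is None:
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    ifd0 = _read_ifd(tiff, endian, struct.unpack(endian + "I", tiff[4:8])[0])
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = _read_ifd(tiff, endian, struct.unpack(endian + "I", ifd0[GPS_IFD_POINTER][2])[0])
    if not all(tag in gps for tag in (1, 2, 3, 4)):
        return None
    lat = _dms_to_decimal(tiff, endian, gps[2][2], gps[1][2][:1].decode())
    lon = _dms_to_decimal(tiff, endian, gps[4][2], gps[3][2][:1].decode())
    return lat, lon


if __name__ == "__main__":
    sample = build_exif_jpeg(((39, 1), (38, 1), (144, 10)), "N",
                             ((22, 1), (25, 1), (12, 10)), "E")
    print(exif_gps(sample))
```

The same walk is the check to run before publishing an image: if `exif_gps` returns anything, the file still carries a location. Real files add an Exif sub-IFD, thumbnails and often big-endian ("MM") headers; the parser handles either byte order but only the four GPS tags the slide's point depends on.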
Who needs secret services? Information Leakage
Citadel:
• Basic package. Price: $2,399.00
• BotID. Price: $495.00
• High-quality SOCKS checker module (99.9% accuracy). Price: $49.00
• Executable files auto-encryption module. Price: $395.00
• Log parser module. Price: $295.00
• Monthly maintenance. Price: $125
"We're offering a great solution for creating and updating your botnet. We have simply perfected the good old ZeuS, making significant functionality improvements, adapting it to the survival conditions of today's security landscape, and giving it a new name. We decided to create a "social circle" of support community, which is described later in this article.
Changes have been made both to the bot itself and to the web components. We don't sell "eye candy". What you are paying for is the new functionality and coders' motivation to support the product."
Source: https://www.botnets.fr/index.php/Citadel_ZeuS_bot
Who needs secret services? Communication surveillance 1/2
R2D2 "Bundestrojaner" (BKA, Bundeskriminalamt):
• Rental of the Skype-Capture-Unit per month and instance EUR 3.500
• One-time installation and deinstallation fee on-site EUR 2.500
• Rental SSL-decoding per month and instance EUR 2.500
Source http://wikileaks.org/wiki/Bavarian_trojan_for_non-germans
Who needs secret services? Communication surveillance 2/2
FinFisher: in 20+ countries
Source http://www.f-secure.com/weblog/archives/00002601.html
Who needs secret services? Exploits - Penetration testing - Tools
• Metasploit
• Armitage
• Acunetix
• Aircrack-ng
• Cain & Abel
• Ettercap
• John The Ripper
• Nessus
• Nmap
• Kismet
• Wireshark
Who needs secret services? Open Source Intelligence 2/3
SHODAN
Queries:
• Apache servers near 42.9693,-74.1224: apache geo:42.9693,-74.1224
• Microsoft-IIS running on Windows 2003: microsoft-iis os:"windows 2003"
• All data for IP 216.219.143.14: net:216.219.143.14
• Devices within a 50km radius of San Diego (32.8,-117): geo:32.8,-117,50
• Look only at the FTP banners for ProFTPd: proftpd port:21
Source http://www.shodanhq.com/
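The queries above combine free-text banner terms with `key:value` filters. To show how those filters compose, the following added example (not Shodan's code, and independent of the presentation) parses the same query syntax and applies it to a handful of constructed banner records, using the haversine distance for `geo`. The record fields, the supported filter set and the default radius of 10 km when `geo` is given without one are assumptions of this example.

```python
"""Apply Shodan-style query filters to local banner records (added example).
Records are constructed; field names and the geo default radius are assumed."""
import ipaddress
import math
import re

# Constructed banner records (documentation IPs, made-up locations).
BANNERS = [
    {"ip": "198.51.100.10", "port": 80, "product": "Apache httpd", "os": None,
     "lat": 42.97, "lon": -74.12},
    {"ip": "198.51.100.11", "port": 80, "product": "Microsoft-IIS", "os": "Windows 2003",
     "lat": 32.81, "lon": -117.15},
    {"ip": "198.51.100.12", "port": 21, "product": "ProFTPD", "os": None,
     "lat": 32.75, "lon": -117.2},
    {"ip": "203.0.113.5", "port": 21, "product": "vsftpd", "os": None,
     "lat": 51.5, "lon": -0.12},
]

# key:value (value may be double-quoted and contain spaces) or a bare term.
TOKEN = re.compile(r'(\w+):("[^"]*"|\S+)|(\S+)')
DEFAULT_GEO_RADIUS_KM = 10.0  # assumption of this example


def parse_query(query):
    """'apache geo:32.8,-117,50 os:"windows 2003"' -> (terms, {filter: value})."""
    terms, filters = [], {}
    for key, value, word in TOKEN.findall(query):
        if key:
            filters[key] = value.strip('"')
        else:
            terms.append(word)
    return terms, filters


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def matches(rec, terms, filters):
    """Free-text terms must all appear in the banner text; every filter must hold.
    Unknown filter keys raise rather than silently widening the result set."""
    haystack = " ".join(str(rec[k]) for k in ("product", "os") if rec[k]).lower()
    if not all(t.lower() in haystack for t in terms):
        return False
    for key, value in filters.items():
        if key == "port":
            ok = rec["port"] == int(value)
        elif key == "os":
            ok = (rec["os"] or "").lower() == value.lower()
        elif key == "net":  # a bare address becomes a /32 network
            ok = ipaddress.ip_address(rec["ip"]) in ipaddress.ip_network(value, strict=False)
        elif key == "geo":  # lat,lon[,radius_km]
            parts = [float(p) for p in value.split(",")]
            radius = parts[2] if len(parts) == 3 else DEFAULT_GEO_RADIUS_KM
            ok = haversine_km(rec["lat"], rec["lon"], parts[0], parts[1]) <= radius
        else:
            raise ValueError(f"unsupported filter: {key}")
        if not ok:
            return False
    return True


def search(query, records=BANNERS):
    """Return the IPs of records matching the query, in record order."""
    terms, filters = parse_query(query)
    return [r["ip"] for r in records if matches(r, terms, filters)]


if __name__ == "__main__":
    for q in ("apache geo:42.9693,-74.1224", 'microsoft-iis os:"windows 2003"',
              "net:216.219.143.14", "geo:32.8,-117,50", "proftpd port:21"):
        print(q, "->", search(q))
```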
Who needs secret services? Open Source Intelligence 3/3
Google:
• intext:"enable password 7"
• intext:"enable secret 5 $"
• intext:"EZGuestbook"
• intext:"Web Wiz Journal"
• intitle:"index of" intext:connect.inc
• intitle:"index of" intext:globals.inc
• intitle:"Index of" passwords modified
Source http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
P2P Networks:“An Internet security company claims that Iran has taken advantage of a computer security breach to obtain engineering and communications information about Marine One, President Barack Obama's helicopter, according to a report by WPXI, NBC's affiliate in Pittsburgh.”
Source http://www.cnet.com/news/data-about-obamas-helicopter-breached-via-p2p/
Greek Entities Responsible for Cyberdefence
• Hellenic National Defence General Staff (HNDGS)
• Cyber-Defence Division of the HNDGS
• National Intelligence Service (national CERT)
• Hellenic Police
• Division of Crisis Management (Hellenic Police Headquarters)
• Cybercrime Prosecution Subdivision (P.D. 9/2011).
…and 10 more (ΑΔΠΧ, ΑΔΑΕ, ΕΕΤΤ, ΕΦΤΑ, Academic CERT, ForthCert)
To fight new asymmetric cyberthreats we have to:
• Develop flexible, decentralized small working groups
• Stop playing power games or trying to promote our own agenda (agency, firm, selfish attitudes etc.)
• Avoid bureaucracy at any cost
• Leave aside academic credentials, military ranks or professional certifications and work on a peer-to-peer basis
Conclusions 1/2
• Collaborate at any level
• Wikis, news lists, web forums, collaborative systems and many other tools are available at no cost
• Utilize the available resources (from idle web servers to free meeting rooms)
• Develop an early warning system
• Exchange of non-classified information
• Organize workshops, seminars, formal and informal meetings
Conclusions 2/2