Date post: 12-Apr-2018
WHO NEEDS SECRET SERVICES? INTELLIGENCE@HOME

Dr Vasileios Vlachos

Professor of Technological Applications

Department of Computer Science and Engineering

School of Technological Applications

Technological Educational Institute (TEI) of Thessaly

Snowden leaks: Tailored Access Operations (TAO)

Edward Snowden nominated for Nobel peace prize…

“traitor to the oath he took to his fellow employees, to the duty he took freely by his own choice.”

Secretary of State John Kerry

Global Surveillance

Source https://en.wikipedia.org/wiki/Edward_Snowden

Global Surveillance

Source https://en.wikipedia.org/wiki/Global_surveillance_disclosures_%282013%E2%80%93present%29

Global Surveillance

China: People’s Liberation Army (PLA)

• People’s Liberation Army, GSD 3rd Department, 2nd Bureau (Unit 61398) && Shanghai Jiao Tong University?

North Korea: Korean People’s Army (KPA)

• Joint Chiefs Cyber Warfare Unit

• Enemy Secret Department Cyber Psychological Warfare Unit 204

• Central Party’s Investigation Department Unit 35

Rising Powers and Asymmetric Threats

Rising Powers and Asymmetric Threats

Russia:

• Center for Research of Military Strength of Foreign Countries

• GRU

• Federal Commission for Government Communication and Information, FAPSI

Post mortem analysis of a cyber attack

• They utilize the same registrars (e.g. NAUNET) as sites with fake passports, ATM skimmers, child pornography (WHOIS information)

• They use the same IP blocks - providers (steadyhost.ru) physically located next to the Center for Research of Military Strength of Foreign Countries / GRU

• Operated by SoftLayer Technologies (StopBadware.org Top 10 worst badware network blocks)

• And are unable to disconnect servers after 45 days and multiple requests at the highest level

StopGeorgia.ru

Offending ISP provider next to the Center for Research of Military Strength of Foreign Countries / GRU

Source: Jeffrey Carr, co-founder of Project Grey Goose and author of the book Inside Cyber Warfare

VP Sergei Ivanov and P. Vrublevsky (Red)

Source: http://www.krebsonsecurity.com

Who needs secret services? Location tracking

Creepy:

• Flickr

• EXIF tags

• Tweets

• Foursquare check-ins

Raytheon Rapid Information Overlay Technology (RIOT):

• Facebook

• Twitter

• Gowalla

• Foursquare

The Call of the Crowd: Event Participation in Location-based Social Services. Petko Georgiev, Anastasios Noulas, Cecilia Mascolo. In Proceedings of the Eighth International AAAI Conference on Weblogs and Social Media (ICWSM 2014). Ann Arbor, Michigan, USA, June 2014.

Who needs secret services? Information Leakage

Citadel

• Basic package. Price: $2,399.00

• BotID. Price: $495.00

• High-quality SOCKS checker module (99.9% accuracy). Price: $49.00

• Executable files auto-encryption module. Price: $395.00

• Log parser module. Price: $295.00

• Monthly maintenance. Price: $125

“We’re offering a great solution for creating and updating your botnet. We have simply perfected the good old ZeuS, making significant functionality improvements, adapting it to the survival conditions of today’s security landscape, and giving it a new name. We decided to create a “social circle” of support community, which is described later in this article.

Changes have been made both to the bot itself and to the web components. We don’t sell “eye candy”. What you are paying for is the new functionality and coders’ motivation to support the product”

Source: https://www.botnets.fr/index.php/Citadel_ZeuS_bot

Who needs secret services? Communication surveillance 1/2

R2D2 “Bundestrojaner” BKA Bundeskriminalamt:

• Rental of the Skype-Capture-Unit per month and instance EUR 3.500

• One-time installation and deinstallation fee on-site EUR 2.500

• Rental SSL-decoding per month and instance EUR 2.500

Source http://wikileaks.org/wiki/Bavarian_trojan_for_non-germans

Who needs secret services? Communication surveillance 2/2

FinFisher: in 20+ countries

Source http://www.f-secure.com/weblog/archives/00002601.html

Who needs secret services? Exploits - Penetration testing - Tools

• Metasploit

• Armitage

• Acunetix

• Aircrack-ng

• Cain & Abel

• Ettercap

• John The Ripper

• Nessus

• Nmap

• Kismet

• Wireshark

Who needs secret services? Social Engineering

Social Engineering Toolkit

Who needs secret services? Open Source Intelligence 1/3

Maltego / CaseFile

Palantir

Who needs secret services? Open Source Intelligence 2/3

SHODAN

Queries:

• Apache servers near 42.9693,-74.1224: apache geo:42.9693,-74.1224

• Microsoft-IIS running on Windows 2003: microsoft-iis os:"windows 2003"

• All data for IP 216.219.143.14: net:216.219.143.14

• Devices within a 50km radius of San Diego (32.8,-117): geo:32.8,-117,50

• Look only at the FTP banners for ProFTPd: proftpd port:21

Source http://www.shodanhq.com/

Who needs secret services? Open Source Intelligence 3/3

Google:

• intext:"enable password 7"

• intext:"enable secret 5 $"

• intext:"EZGuestbook"

• intext:"Web Wiz Journal"

• intitle:"index of" intext:connect.inc

• intitle:"index of" intext:globals.inc

• intitle:"Index of" passwords modified

http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302

P2P Networks: “An Internet security company claims that Iran has taken advantage of a computer security breach to obtain engineering and communications information about Marine One, President Barack Obama's helicopter, according to a report by WPXI, NBC's affiliate in Pittsburgh.”

Source http://www.cnet.com/news/data-about-obamas-helicopter-breached-via-p2p/

Greek Entities Responsible for Cyberdefence

• Hellenic National Defence General Staff (HNDGS)

• Cyber-Defence Division of the HNDGS

• National Intelligence Service (national CERT)

• Hellenic Police

• Division of Crisis Management (Hellenic Police Headquarters)

• Cybercrime Prosecution Subdivision (P.D. 9/2011).

…and 10 more (ΑΔΠΧ, ΑΔΑΕ, ΕΕΤΤ, ΕΦΤΑ, Academic CERT, ForthCert)

To fight new asymmetric cyberthreats we have to:

• Develop flexible, decentralized small working groups

• Stop playing power games or trying to promote our own agenda (agency, firm, selfish attitudes etc.)

• Avoid bureaucracy at any cost

• Leave aside academic credentials, military ranks or professional certifications and work on a peer-to-peer basis

Conclusions 1/2

• Collaborate at any level

• Wikis, news lists, web forums, collaborative systems and many other tools are available at no cost

• Utilize the available resources (from idle web servers to free meeting rooms)

• Develop an early warning system

• Exchange non-classified information

• Organize workshops, seminars, formal and informal meetings

Conclusions 2/2

Dr Vasileios Vlachos
