1
I’m a suit in a cyber world!
October 2011
Twitter: #cybergamut
TRANSCRIPT
30
History and Why Change
• In 2008 SAIC established cybernexus
– Coming together or “nexus” of cyber analysts
– Central Maryland
• In 2011 cybernexus renamed cybergamut
– Runs the “gamut” of cyber disciplines
– Global organization
• cybergamut nodes
– Socorro, New Mexico
– Sioux Falls, South Dakota
– San Antonio, Texas
– Northern Virginia (Tysons Corner and Herndon)
31
Mission Statement
cybergamut is a worldwide community of practice for cyber professionals across industry, academia, and government providing ongoing education, training, and certification opportunities throughout all phases of a cyber professional’s career, utilizing traditional methods as well as non-traditional techniques like puzzles, Easter Eggs, and problem solving.
36
Technical Tuesday
• What it is
– A technical exchange
• What it is not
– A sales presentation
– A product endorsement
– For discussion of procurements
– For discussion of procurement-related issues
37
PDU and CPE
• PMI PDUs
– PMI Baltimore approved most Technical Tuesday events as eligible for PMI PDUs under Category B, Continuing Education
• CPEs for CISSP
– Self certification
• Other certifications
– What do you need?
38
Previous Topics
• Defending a Large Network – Brian Rexroad of AT&T – 2 Dec 2008
• DNI Essentials – Paul Schnegelberger of SAIC and John Sanders of Northrop Grumman TASC – Nov/Dec 2008
• Digital Forensics – Jim Jaeger of General Dynamics – 13 Jan 2009
• Case Studies in Cyber Attacks – Aaron Wilson of SAIC – 13 Jan 2009
• Trickler – Greg Virgin of RedJack – 27 Jan 2009
• Security Tools – Peiter “Mudge” Zatko of BBN – 27 Jan 2009
• IPv6 – David Harris of SAIC – 10 Feb 2009
• Exploitation Prediction – Darryl Ackley of New Mexico Tech – 24 Feb 2009
• Analytic and IO Tools – Clift Briscoe and Nat Cooper of Edge – 24 Mar 2009
• Distributed Systems Technologies and Internet Intelligence – George Economou of Akamai – 24 Mar 2009
• Exploring the Social World of the Russian Hacker Community – Tom Holt of Michigan State University – 10 Mar 2009
• Modern Forensic Investigative Techniques – Amber Schroader of Paraben – 10 Mar 2009
• Defending Against BGP Man-In-The-Middle Attacks – Earl Zmijewski of Renesys – 14 Apr 2009
• Examining the Storm Worm – Nico Lacchini of TDI – 26 May 2009
• No-Tech Hacking – Johnny Long – 11 Jun 2009
• Dirty Secrets of the Security Industry – Bruce Potter of Ponte Technologies – 14 Jul 2009
• Windows Forensic Analysis: Dissecting the Windows Registry – Rob Lee of MANDIANT and the SANS Institute – 18 Aug 2009
• Silence of the RAM – Sean Bodmer of Savid Corporation – 22 Sep 2009
• VoIP Security - Attacks, Threats and Countermeasures – Stuart McLeod of Global Knowledge – 3 Nov 2009
39
Previous Topics cont.
• A Tale of Two Departments – How Commerce and State Dealt With Chinese Intrusions: Lessons Learned Plus: Security Heroes and the 20 Critical Controls – Alan Paller of the SANS Institute – 9 Mar 2010
• Aurora – Aaron Barr of HBGary Federal – 27 Apr 2010
• Malware reverse engineering at ITT – Paul Frank of ITT – 25 May 2010
• Advanced Cyber Collection Techniques; Extracting and Analyzing Information from the Domain Name System – Tim Cague of The CYAN Group – 10 Aug 2010
• The Rise of the Social Web – Aaron Barr of HBGary Federal – 5 Oct 2010
• Why Security People S#ck – Gene Bransfield of Tenacity Solutions – 9 Nov 2010
• Insider Threat and Real-World Incident Study – Presented by Michael Collins & Greg Virgin of RedJack along with Jim Downey of DISA PEO-MA – 30 Nov 2010
• Network Monitoring – Josh Goldfarb of 21st Century Technologies – 4 Jan 2011
• Network Device Exploitation with Universal Plug & Play – Terry Dunlap of Tactical Network Solutions – 8 Feb 2011
• Deep Packet Inspection for Cybersecurity ASW&R – Jeff Kuhn of Pangia Technologies – 29 Mar 2011
• Stuxnet Redux: Malware Attribution & Lessons Learned – Tom Parker of Securicon – 19 Apr 2011
• Special Technical Tuesday and renaming – 10 May 2011
• APT Intrusion Remediation: The Top Do's and Don'ts – Rob Lee of MANDIANT and The SANS Institute – 24 May 2011
• Deep Packet Inspection – Peder Jungck of Cloudshield and SAIC – 28 Jun 2011
• Our Security Status is Grim – Brian Snow – 19 Jul 2011
• Cellular Security – Jason MacLulich of Endace – 9 Aug 2011
• Government Cyber Technical Directors’ Panel – 30 Aug 2011
40
Upcoming Technical Tuesdays
• Hacking Windows 7 and defending against physical attacks – Jesse Varsalone – 18 Oct 2011
• Looking for more speakers and topics such as:
– Tor routing
– Malware reverse engineering
– Cyber situational awareness
– Splunk
– Cloud computing and cloud forensics
– Geolocation of IP addresses and mobile devices
– Digital forensics
– E-discovery
– Attack attribution
– Deep packet inspection
– Fuzzing
– Writing secure code
To suggest topics, volunteer to speak, or to receive an invitation, please contact: [email protected]
44
Foreign Language
• 1337 = LEET = short for elite (maybe)
– 5uit = Suit
• Pwn = Own
– Your computer has been pwned
• Teh = the
– Accidents become purposeful
– This was before spell checkers – hard to do now
• Texting
– LOL
– ROFL
– OMG
– :) – PowerPoint translated : and ) to this
45
Different Culture
• 95% male
• Black T-shirts
• Interesting facial hair
• Body art
• Add alcohol and mix vigorously
• Stickers everywhere
• Lock picking for fun (lock sport)
• Hackers aren’t all bad
– I Hack Charities
• As a 5uit, I’m counter-counter-culture
50
Pure evil – or is it?
• Wireless diabetes pump exploit
• Exploit released by a pump user
• Wants manufacturer to fix the problem
• This is typical of many of the things released
53
Bot in a Botnet
• What’s a Bot and what’s a Botnet?
– Computers that have been taken over
– Used for distribution of spam and malware
– Used for other nefarious deeds
• Does your Mom care?
• Do you care?
76
Social Engineering
• Extremely effective
• DEFCON Social Engineering Contest
– Amazing what people will give away
– Help desks were overly helpful
88
Phishing and Spearphishing
• E-mails and targeted e-mails
– Usually with a link
– Watch for typo’s and misspelllings
• V1AGRA
• [Insert company name here] has been sold!
• DEFCON Skybox Demo
– Trend tracking via Twitter
– Tracking an individual via social media
– Tiny URLs and Bit.ly
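The “V1AGRA” and “has been sold!” bullets above point at a filtering trick worth seeing in code: spam and phishing subjects swap digits and symbols for letters so a naive keyword match misses them, and a filter undoes that before matching. The following is an added example, not code from the cybergamut slides or the speaker; the substitution table, watchlist and sample subject lines are all hand-built for illustration.

```python
"""Normalize spam-style obfuscation ("V1AGRA", "h@s been s0ld") before matching
subject lines against a keyword watchlist.  Added illustration, not from the
cybergamut slides; the substitution table and watchlist are hand-built."""
import re

# Lookalike substitutions commonly used to dodge naive filters (assumption: a
# small illustrative table, not a complete one; '1' is mapped to 'i' here,
# although it is also used for 'l').
LOOKALIKES = {
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "|": "l",
}

# Constructed watchlist of phrases the filter should catch.
WATCHLIST = ("viagra", "has been sold", "password", "invoice")

# Constructed sample subject lines (not real mail).
SAMPLE_SUBJECTS = [
    "V1AGRA at low prices",
    "Acme Corp h@s been s0ld! Read the memo",
    "Reset your p.a.s.s.w.o.r.d now",
    "Quarterly report attached",
]


def normalize(text: str) -> str:
    """Lower-case, swap lookalike characters for the letters they imitate, and
    drop separators inserted between letters, so 'V1AGRA' -> 'viagra' and
    'p.a.s.s.w.o.r.d' -> 'password'."""
    mapped = "".join(LOOKALIKES.get(ch, ch) for ch in text.lower())
    # remove a single '.', '-' or '_' sandwiched between two letters
    mapped = re.sub(r"(?<=[a-z])[._-](?=[a-z])", "", mapped)
    return re.sub(r"\s+", " ", mapped).strip()


def flagged_keywords(subject: str) -> list:
    """Watchlist phrases present in the normalized subject, in watchlist order."""
    norm = normalize(subject)
    return [kw for kw in WATCHLIST if kw in norm]


def scan(subjects) -> list:
    """Return (subject, hits) pairs for the subjects that matched anything."""
    results = []
    for s in subjects:
        hits = flagged_keywords(s)
        if hits:
            results.append((s, hits))
    return results


if __name__ == "__main__":
    for subject, hits in scan(SAMPLE_SUBJECTS):
        print(f"{hits} <- {subject!r}")
```

The normalization is deliberately lossy (a hyphenated word such as “e-mail” becomes “email”), which is fine for matching a watchlist but would not be acceptable for rewriting the message itself.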
89
• GPS, iPhones, etc. remember everything
• iPhones sync EVERYTHING with their host
• Windows 7 Registry saves things a long time
• Forensics examiner’s dream
• Car thieves “Go Home”
– You’re not home and now you’re stranded
91
Supply Chain
• Where was your code written?
• Where was your hardware produced?
• How did it get to you?
• Thumb drives
• Hard drives
92
X begets Y begets Z…
• Needs beget innovation
• Innovation begets technology
• Policy and strategy follow
– aren’t necessarily “begotten”
• Lack of policy begets ineffective or non-strategy
• Doctrine is the military word for policy
• Tactics are the refinement of military strategy
• Difference between responsibility and authority
– DHS has responsibilities
– DoD has many clearly defined authorities
• National Cyber Policy is challenging
– AFCEA story
104
Steganography
• None of those pictures
– I don’t think anyway…
• Very hard to detect in a single picture
– Potential detection if you have both pictures
[Two pictures compared on the slide: 50 KB and 450 KB]
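The slide’s point is that a single picture gives an examiner nothing to compare against, but a known-clean copy does: if only the lowest bit of each pixel differs while everything visible is identical, something was written into the low-bit plane, and a large file-size gap (the slide’s 50 KB against 450 KB) is the first hint to look. The following is an added example, not code from the cybergamut slides; it works on 8-bit grayscale pixel lists constructed in the file so that no image library is needed, and the “suspect” copy is simulated by overwriting low bits with seeded pseudo-random data.

```python
"""Compare a suspect picture with a known-clean copy of the same picture.
Added illustration, not from the cybergamut slides.  Works on plain 8-bit
grayscale pixel lists constructed below; with real files you would decode
both pictures to pixel arrays first."""
import random

WIDTH, HEIGHT = 64, 48  # constructed image size


def make_clean_image():
    """Constructed carrier: a smooth diagonal gradient as a flat pixel list."""
    return [(x * 3 + y * 2) % 256 for y in range(HEIGHT) for x in range(WIDTH)]


def simulate_lsb_payload(pixels, n_pixels, seed=7):
    """Stand-in for a copy carrying hidden data: overwrite the lowest bit of the
    first n_pixels pixels with pseudo-random bits (constructed, seeded)."""
    rng = random.Random(seed)
    out = list(pixels)
    for i in range(n_pixels):
        out[i] = (out[i] & 0xFE) | rng.getrandbits(1)
    return out


def compare_planes(clean, suspect):
    """Fraction of pixels whose lowest bit differs, and fraction whose upper
    seven (visible) bits differ, between two same-sized pictures."""
    if len(clean) != len(suspect):
        raise ValueError("pictures differ in size; compare like with like")
    n = len(clean)
    lsb_diff = sum(1 for a, b in zip(clean, suspect) if (a ^ b) & 0x01)
    high_diff = sum(1 for a, b in zip(clean, suspect) if (a ^ b) & 0xFE)
    return {"lsb_diff_ratio": lsb_diff / n, "high_bits_diff_ratio": high_diff / n}


def looks_like_lsb_stego(report, lsb_threshold=0.05):
    """True when the visible planes are untouched but the low-bit plane changed
    noticeably: invisible to the eye, measurable only because a clean
    reference exists."""
    return (report["high_bits_diff_ratio"] == 0.0
            and report["lsb_diff_ratio"] > lsb_threshold)


def size_discrepancy(size_a, size_b):
    """Larger-to-smaller file-size ratio; two copies of one picture an order of
    magnitude apart (the slide's 50 KB vs 450 KB) deserve a closer look."""
    small, big = sorted((size_a, size_b))
    return big / small


if __name__ == "__main__":
    clean = make_clean_image()
    suspect = simulate_lsb_payload(clean, n_pixels=1024)
    report = compare_planes(clean, suspect)
    print(report, "stego?", looks_like_lsb_stego(report))
    print("size ratio 50 KB vs 450 KB:", size_discrepancy(50_000, 450_000))
```

Run against the same picture twice, both ratios are zero and the verdict is negative; against the simulated copy the visible planes still match exactly while roughly half of the overwritten low bits differ, which is the signature the comparison is looking for.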
105
Other Scary/Cool Concepts
• Segmented polymorphic malware
– Bad stuff that changes its looks, delivered in parts
• Metamorphic malware
– Bad stuff that changes what it does
• Cloud Computing – distributed virtualization
– Which denomination?
• Hadoop – son’s toy elephant
– Cloud Security
– Cloud Forensics
• Zero-day
– Brand new malware or exploits
109
Social Networking
• “On the Internet, nobody knows you’re a dog”– New Yorker Magazine, 1993– Still true today
• Do you really know who your Friends are?– Would you cross the street to see them in person?– What are you revealing in your posts?
• “My Daddy’s dating…”• Twitter - #cybergamut
– Spontaneous and quick– No filter– No retraction after re-tweet
112
Location-based Services
• Facebook Places and Foursquare
• Preparation for travel
– Set up light timers
– Make your home look lived in
• “Check in” at out-of-state locations
• Photo metadata
• Okay for my Friends to know
• What about Friends of Friends?
– What about Mafia Wars Friends of Friends?
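“Photo metadata” is the quiet one in that list: a phone-taken picture can carry the GPS position of the shot in its EXIF block, so a photo posted while travelling can “check in” for you. The following is an added example, not code from the cybergamut slides, that reads the position back out of the TIFF-structured EXIF block (in a JPEG it sits in the APP1 segment after the bytes `Exif\0\0`); the sample block is built in code with made-up coordinates so the whole thing runs offline.

```python
"""Read the GPS position out of a photo's EXIF block, to see what a picture
would reveal before it is posted.  Added illustration, not from the
cybergamut slides.  Only the TIFF-structured EXIF block is handled; the
sample block below is constructed with made-up coordinates."""
import struct

GPS_IFD_POINTER = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004


def _rational_block(deg, minutes, seconds):
    """Three unsigned RATIONALs (numerator, denominator), seconds to 1/100."""
    return struct.pack("<IIIIII", deg, 1, minutes, 1, int(round(seconds * 100)), 100)


def build_sample_exif():
    """Constructed little-endian TIFF/EXIF block: IFD0 holds only a GPS IFD
    pointer; the GPS IFD holds lat/lon refs and DMS values.  Coordinates are
    made up (12°34'56.00" N, 98°45'32.10" E)."""
    header = b"II" + struct.pack("<HI", 0x2A, 8)                    # IFD0 at offset 8
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 26)        # LONG -> GPS IFD at 26
            + struct.pack("<I", 0))                                   # no next IFD
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI", GPS_LAT_REF, 2, 2) + b"N\x00\x00\x00"   # ASCII, stored inline
    gps += struct.pack("<HHII", GPS_LAT, 5, 3, 80)                      # 3 RATIONALs at 80
    gps += struct.pack("<HHI", GPS_LON_REF, 2, 2) + b"E\x00\x00\x00"
    gps += struct.pack("<HHII", GPS_LON, 5, 3, 104)                     # 3 RATIONALs at 104
    gps += struct.pack("<I", 0)
    blob = header + ifd0 + gps                                           # 8 + 18 + 54 = 80 bytes
    return blob + _rational_block(12, 34, 56.0) + _rational_block(98, 45, 32.1)


def _read_ifd(blob, offset, endian):
    """Map tag -> (type, count, offset of the 4-byte value/offset field)."""
    count = struct.unpack_from(endian + "H", blob, offset)[0]
    entries = {}
    for i in range(count):
        base = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(endian + "HHI", blob, base)
        entries[tag] = (typ, n, base + 8)
    return entries


def _value(blob, endian, typ, n, field):
    """Decode ASCII (2), LONG (4) and RATIONAL (5) entries; data longer than
    four bytes lives at the offset stored in the field."""
    if typ == 2:
        if n <= 4:
            raw = blob[field:field + n]
        else:
            off = struct.unpack_from(endian + "I", blob, field)[0]
            raw = blob[off:off + n]
        return raw.split(b"\x00", 1)[0].decode("ascii")
    if typ == 4:
        return struct.unpack_from(endian + "I", blob, field)[0]
    if typ == 5:
        off = struct.unpack_from(endian + "I", blob, field)[0]
        parts = struct.unpack_from(endian + "II" * n, blob, off)
        return [parts[i] / parts[i + 1] if parts[i + 1] else 0.0
                for i in range(0, 2 * n, 2)]
    raise ValueError(f"unsupported EXIF type {typ}")


def extract_gps(blob):
    """Return (latitude, longitude) in decimal degrees, or None if the block
    carries no usable GPS entries."""
    if blob[:2] == b"II":
        endian = "<"
    elif blob[:2] == b"MM":
        endian = ">"
    else:
        raise ValueError("not a TIFF/EXIF block")
    ifd0 = _read_ifd(blob, struct.unpack_from(endian + "I", blob, 4)[0], endian)
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = _read_ifd(blob, _value(blob, endian, *ifd0[GPS_IFD_POINTER]), endian)
    tags = (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)
    if any(t not in gps for t in tags):
        return None
    lat_ref, lat, lon_ref, lon = (_value(blob, endian, *gps[t]) for t in tags)
    to_deg = lambda d: d[0] + d[1] / 60 + d[2] / 3600
    lat_deg = to_deg(lat) * (-1 if lat_ref == "S" else 1)
    lon_deg = to_deg(lon) * (-1 if lon_ref == "W" else 1)
    return round(lat_deg, 6), round(lon_deg, 6)


if __name__ == "__main__":
    print("constructed photo reveals:", extract_gps(build_sample_exif()))
```

A block with no GPS IFD pointer returns `None`, which is what you want to see from a photo before it goes on a public feed; most phones and photo tools offer a “remove location” option that produces exactly that.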
117
User Names and Passwords
• Anonymous and LULZ Sony attacks
– 77 million users affected
• Other large data thefts
• User name and password combinations
– How many do you use?
– Remember the Bots?!?
– This got my attention!
122
Cyber Increases
• Volume = 123 slides
• Variety = 25 topics
• Velocity = 1 hour = ~29 sec per slide