Corporate Spies
Lisbeth Salander vs James Bond
Overview
Background
Intelligence Life Cycle
War Stories
Anti-Anti-Corporate Spy Training
Conclusions and Review
Take Aways
The 4 principal motivators of betrayals
Anti-anti-espionage training
Incorporating what we’ve learned into our OPSEC measures
Mandatory Self Definition
@Antitree
Intrepidus Group: mobile hacking
BSidesDetroit12: Jukebox hack
Organizer: BSidesROC
Founding Member of Interlock Rochester
“cyber”
Background
Every Fortune 500 organization has an intelligence program under some other title
› Competitive intelligence, corporate intel, business analysis
Corporate spies are almost never caught, almost never convicted, and never serve more than 1 year in a “corporate spy” prison.
James Bond
MI6 operative
Relies on humans as sources of intel
Somehow explodes everything
Makes love to pretty ladies
Lisbeth Salander
Works as a PI
Socially unacceptable
Intelligence comes through technical means
Also makes love to pretty ladies
Types of Intel Agents
Government Employees:
› CIA, Marines, Homeland Security
› Provide intel and counter intel services
Corporate Competitive Intelligence employees
› Work for an organization to provide intel on their competitors
› Mostly ethical practices
Private Corporate Spies
› Individuals or private organizations that sell secrets between companies
› Focused, well paid, completely illegal
HUMINT VS TECHINT
TECHINT
Scenarios
› Break into network, steal documents
› Phishing campaign steals creds
› Malware targeting a company
Benefits
› Direct unfettered access to intelligence
› No middlemen
› Limited risk of inflation, lying
› Lower risk of being caught
Costs
› More defense measures are in place compared to HUMINT
› Clearly defined laws regarding IP, hacking, etc
HUMINT
Scenarios
› Turning a secretary to tell you who the CEO is meeting with
› Paying a VP for financial information
› Convincing a QA dept to give you access to products
Benefits
› Information directly from the source
› Can be the “fall guy”
› Can circumvent any network security measures
› Context for intelligence
Costs
› The most sensitive information is in small circles
› Possibility for betrayal, lying, or inflating information
› Humans need coddling
Principal Motivators for Betrayal
Money: I will pay you $50,000.
Ideology: Do it for the greater good of your country!
Coercion: If you don’t do this, your wife will find out about your mistress.
Ego: I’ve been watching you and you’re the best in the business. I need your help.
The Intelligence Life Cycle
Intelligence Cycle For Spooks
Define Target
Develop Access
Process Intel
Exit
Define Target
Defining the target
Recon: (information gathering)
Goals: (target identification)
› Secret codes
› Business Plans
Entry Points: (vulnerabilities)
Identify potential sources
Information Horizon
Information horizon
› Knowledge of people in the organization
› Knowledge of business practices
Attacks can use a combination of knowledge to exploit
Start in the outer hub, and ride a spoke to next layer
Pivoting
Finding People Online Ready To Turn
Ask benign questions for secret information
“I’m thinking about buying a new digital camera, what is Kodak coming out with?”
“What kind of IDS does Linode use internally? I’m concerned about sensitive information getting hacked”
Question sites:
› Yahoo Answers
› Stack Exchange
› Forums
Turning Sources
Single Parent Rule: People can justify just about any action, if taken to improve the lot of their children. (Money)
Disgruntled Employees: Employees whose salaries were cut or who got laid off turn bitter and vengeful (Ideology, Ego)
Bad credit scores (Money)
Sexual disclosure (Coercion)
› Cheating spouse
› Pornography habits
Develop Access
Developing Access: TECHINT
Network penetration
Surveillance
Malware / APT
OSINT
Developing Access: HUMINT
All Social Engineering tactics apply
Study potential sources, their interests, their habits
Define personality type and vulnerabilities:
› Loud and egotistical
› Quiet and non-confrontational
Developing Access: HUMINT
Hang out at the bars they do
Become friends
Find what will motivate them
Process Intel
Collecting Intel from sources
Establish a Tradecraft: (AKA Stego for meat sacks)
Dead Drops
Meeting Points
Code words
No Attribution!
Types of non-attribution:
› Anonymity: no idea who did it
› Spoof: blame someone else
› Deniability: oh it was just a bot in China. *shrug*
Communication Security vs Storage Security
Exit
Selling Intel
Sell to mid-level VPs not the CEO
Organizations will always want plausible deniability
Negotiate the terms
Cleanup
Decommission operation theater
Spin down connection with sources
› Maintain surveillance
Destroy/Scrub all information
› Friends + Thermite
War Stories
Peter and the Wolf
Peter is going through a divorce
Alex – Russian spy – hangs out in bars and coffee shops near targeted areas of DC
Alex becomes Peter’s friend over 2 months
Alex pays Peter for phone numbers of people inside his company
Tradecraft:
› Used pass phrases to leave messages and confirm the identity while trading information
› Make a chalk mark on the mailbox
Alex gets one of his other ops to exchange information about “Star Wars”
Peter social engineers an IT admin fixing the wiring closet
Peter steals the documents off the network and exfiltrates them back to Moscow
Lessons Learned?
Primary Motivator: Money
Spies are friendly
Tradecraft
› Chalk mailbox
› Pass phrases
Bill Gaede
Started working for AMD in 1979
Walks up to the Cuban embassy in 1982 and says “I want to be a spy”
1989 communism is boring
1992 he turns himself in to the CIA, becomes a double agent
1992 he goes to work for Intel
1994 he flies to South America and sells Pentium secrets
Tries to sell the secrets to North Korea, China, Iran, and AMD
How?
Walked around picking up random documents and photocopying them
Used lots of photocopiers so security would never notice
Guards only looked for green or blue paper
Charismatic
› Access to new tech was just because his friends gave it to him
› Offered to do favors for everyone
› Always befriended secretaries
Lessons learned?
Primary Motivation: Ideology
Good employees make good spies
Security theatre
Corporate Spy Training
Countermeasures
Security programs
The best way to catch a something something is to act like a something something
Games to practice being a spy
Coffeeshopping
Walk into a room, look around, and leave
› How many people are in the room?
› How many people of each age group?
› What color are the cars parked outside?
› What was everyone doing?
› How detailed can you draw the room?
Slowest Race
You need to choose which line to go into.
Profile the people in each line
› Older, younger, attractive, tired, etc
Race the next person that uses the other line
Airports are great for this
Sudo Make Me a Sandwich
Thought exercise: In each of the following roles, how might you be able to exploit something in your organization?
› Junior employee
› Outside contractor
› Delivery person
› After hours staff
How can you remediate?
Spy Trainer
Conclusions
The principal motivators of betrayal are also the principal motivators of success
Think offensively about corporate spying
Our OPSEC measures should include our own personal “Information Horizon”