A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
56
A Funny Thing Happened on the Way to the Airport Or…what NOT to say, what TO say AND when TO say it…
-
Upload
ec-council -
Category
Technology
-
view
403 -
download
2
Transcript of A "Funny" Thing "Happened" on "the" Way "to" the "Airport" - Chris Roberts
A"Funny"Thing"Happened"on"the"Way"to"the"Airport"
Or…what"NOT"to"say,"what"TO"say"AND"when"TO"say"it…""
For"the"“Watchers”"!"
Civilized"Abstract"
• The"beauty"of"humans"is"that"for"all"that"we"err,"we"also"have"an"equal"capacity"to"evolve."
• We"have"always"been"the"weakest"link,"we"are"both"the"problem"AND"the"soluHon.""
• We"should"remove"ourselves"as"the"“problem”"and"provide" a" soluHon" that" takes" care" of" the" issues" in"exactly"the"same"manner"as"any"other"uHlity"that’s"provided."
"
Blunt"Abstract…"• I"can"stand"here"all"day"and"talk"with"you"about"what"you"have/need/should" do." Many" of" you" will" think" about"acHon." Most" of" you" won’t" do" anything," all" of" you" ARE"targets....."
• When"WILL"you"wake"up?"
• What"will"it"take"for"YOU"to"wake"up?"
• What" is" relevant" and" what" seems" to" be" ignored" or"forgoUen"or"is"the"idea"that"security"is"a"journey......"
This"is"NOT"todays"topic"
These"topics"ARE"being"researched…"
The"FOCUS"for"today"
• Addressing"the"elephant"in"the"room"• Dealing"with"the"alphabet"soup"• CooperaHon,"when"it"works"and"when"it"blows"up"in"your"face"• Dealing"with"the"press,"when"it"works,"when"it"doesn’t"• Engaging"legal,"who,"how"and"when"• Where"do"we"go"from"here?"• A"liUle"rant,"and"a"possible"call"to"acHon?"• Evolve"or"Die…"• Thanks…"
ELEPHANTS…*
Sideways"Planes?"
• Um,"physics"says"NO."• Affidavit"compressed"5"years"
and" mulHple" conversaHons"into"one"paragraph…"
• Research"presented"was"not"accurately"represented."
• Nothing" on" those" 2015"flights"was"done."
• Next"Hme"no"TwiUer."
What’s" ironic" about" that" last" slide" is" I" was"ediHng" it" while" si_ng" on" a" plane…hoping"nobody"was"reading"it"over"my"shoulder"!"
ALPHABET*SOUP*
Who’s"going"to"call?"(or"visit)"
Just"some"of"the"interested"parHes"we"tend"to"deal"with"on"a"VERY"regular"basis…"
Led"hand"doesn’t"know"right"hand"
• Classic"situaHon:""– Day"1,"pulled"off"plane"– Day"2"talking"with"intelligence"teams"– Day"3,"talking"with"SAME"agency"that"pulled"me"from"plane"– Day"5"same"thing…Day"30"same"agency"want’s"to"subscribe"to"threat"plahorm….simply"put"WTF!"
• There" ARE" elements" in" almost" all" of" the" agencies" that"want" to" work" with" researchers," who" understand" (heck"some"of"them"are"friends"and"colleagues.)"
IS"there"a"balance?"
• On" one" hand" the" immediate" reacHon" is" to" close" ranks," cease"communicaHons" and" simply" ignore" the" agencies" and" intelligence"community"if"this"is"how"we"are"being"perceived…"
• HOWEVER"
• Per"earlier"comment"there"ARE"good"elements,"and"they"DO"need"the"help"(they"can’t"win"this"fight"on"their"own)"so"we"HAVE"to"find"a"way"to"work"with"them"that"works"for"both"parHes."
• BOTH"parHes"need"to"find"common"ground."
COOPERATION?*
Choose"wisely…"Both" responses" ARE" acceptable,"however" HOW" those" responses" are"presented" back" to" LE/Intel" is" crucial"in"how"your"day’s"going"to"go…"
IF"you"decide" to" talk," take"notes"OR" record"the" conversaHon" and" please" remember"EVERYTHING" you" say" is" both" evidence" and"up"for"interpretaHon."
IF"you" remain"silent"expect" the"situaHon" to"escalate"quickly."(Get"the"Lawyers"involved!)"
THE*PRESS…*
Talk"or"STFU?"
• Choose"carefully"AND"remember"anything"you"say"will"be"printed"unless"BOTH"parHes"agree" it’s"“OFF"the"record”…and"even"then"be"VERY"guarded."
• Choose"an"outlet"that’s"able"to"accurately"represent"your"points."• Don’t"get"dragged"into"a"confrontaHon."• Once"the"lawyers"say"STFU"then"hold"to"that"(it’s"tough!)"• Your"TV"appearance"is"1l2"hours"of"back/forth"for"2l5"minutes."• Mainstream"TV"people"know"HOW"to"guide"a"conversaHon…"• It’s"NOT"a"bed"of"roses,"there’s"a"lot"of"trolls"out"there."
ENGAGE*“THE*LAWYER!”*
EFF"or"Other?"• For" the"most" part" the" first" call" is" probably" best" to" EFF," if" they"
can/are"able"to"help"then"they"will.""• Remember" IF"you"have"corporate"council" they"are"always"going"
to"do"what’s"best"FOR"the"company,"and" that"can" (and" is" likely"to)"be"at"odds"with"what’s"best"for"you."
• Either"way"LISTEN"to"the" legal"team…they"ARE"working"on"your"behalf."
NOW*WTF?*
Oops,*wrong*target*dammit…*
General"stuff…"
• Only" United’s" goUen" annoyed" with" me." I’m" sHll" flying"(and"have"my"TSA"pre….go"figure)."
• We’re" working" on" the" researcher/intelligence" agency"cooperaHon"thing."
• TwiUer"is"now"moderated,"I’d"encourage"us"ALL"to"do"the"same."
• We"found"some"amazing"trolls…"researching"them"too…"• The"community"has"been"awesome,"I’ve"taken"some"well"deserved"smacks,"but"we"have"one"helluva"community…I"am"honored"to"be"part"of"it."
Technical"stuff…"• Ironically" the" plane" research" was" completed" about" two" years"
ago…"• IofE"presented"over"this"last"year,"might"revisit"and"update."• Working"on"a"couple"of"projects:"– Tanks,"specifically"the"new"(non"USA)"ones"that"are"purported"to"be"automated…"now"those"WILL"go"sideways"!""
– (Line"dancing"tanks"at"Red"Square"parade"next"year?)"– Cross" border" stuff," smuggling" Canadians" to" Mexico"undetected."
– Self" healing" Trojan’s" and" the" ability" to" infect" AND" repair"systems."
• More"coming"!"
Play?"
THE*MANIFESTO?*
We*are*more*than*just*a*number,*a*staLsLc,*a*line*item*on*a*Cyber*liability*insurance*claim!*
Humans:"The"Problem"
• Simply"fed"up"with"the"human"element"and"how"they"handle"some"of"the"basic"security"issues"that"are"facing"them"in"this"day"and"age."
• Done" dealing" with" companies," organizaHons," enHHes," and"governments" that" simply" want" to" carry" on" going" along" in" the" same"manner.""
• Frustrated"and"resenhul"of"execuHves"who"don’t"care"or"who"feel"that"security"is"a"burden"or"something"that’ll"eventually"disappear."""
• Intolerant" of" humans" who" think" that" security" is" something" that"happens"to"others,"who"don’t"feel"they"need"to"be"concerned"by"it,"or"who"figure"that"someone"else"will"deal"with"it.""
• Rare" indeed" is" the" individual" or" company" that" takes" a"proacHve" interest" in" security" and"how" it" can"help" them,"protect" them" and" they" can" learn" from" it" both" as" a"business"and"as"individuals"working"around"or"inside"it.""
• Rarer"sHll"is"the"person"or"company"that"keeps"this"effort"up"for"an"extended"period"of"Hme."
• We"need"to"simply"take"the"human"OUT"of"the"equaHon."
You*can*lead*a*human*to*knowledge*
but*you*can’t*make*him*
think.*
NOW*WHAT?*
What"do"we"do?"Accessing" computers" that" don’t" belong" to" you" is" obviously" a"breach"of"several"well"defined"rules…""However" it" might" be" interesHng" to" see" how" the" conversaHon"holds"up"in"court…""“The% “hacker”% broke% into% the% company% and% instead% of% simply%emptying% it% of% all% the% assets,% simply% patched% the% systems,% fixed%the% insecure% code,% updated% the% security% profiles% and% encrypted%the% data% at% rest% and% in% mo<on% (leaving% the% keys% behind%obviously)”%"It"would"make"for"an"interesHng""legal"argument!"
SCADA"“hacked”"The"same"logic"goes"for"SCADA"and"SMART"systems:""“Instead% of% breaking% into% the% power% sta<on% and%making% all% the%lights%along% the%eastern% seaboard%pulse% to% the% tune%of% “We%will%rock%you”%the%perpetrators%broke%in%and%ensured%that%the%SCADA%controllers% had% adequate% protec<ons% in% place,% that%mul<% factor%was%enabled%and% that% the%FTP% servers%were%protected%AND%was%hidden%behind%a%VPN.%“%%We" probably" need" to" take" this" logical" approach" and" apply" it"across"ALL"areas"of"the"government"too"!""If"nothing"else"it"would"make"the"trials"entertaining!""
Should"vs."Could"
Should"this"be"done…good"quesHon,"the"logical"answer"is"yes."""Logic"being"that"a"fixed"and"set"of"secure"systems"will"no"longer"leak"data"faster"than"a"sieve."""Logic"being"that"data"encrypted"at"rest"and"in"moHon"is"harder"to"steal."""Logic" being" that" if" less" people" lost" their" credenHals" and" their" idenHHes"we’d" manage" to" reduce" the" financial" losses" that" currently" are" in" the"billions."""Logical"arguments"for"these"acHviHes"are"preUy"much"selflevident.""
Challenge"is…"we"are"NOT"dealing"with"logic…"
From"here"on"out…"
• The" next" Hme" we" sit" down" and" research" something" it’s" not"going"to"be"to"simply"stand"on"stage,"talk"about"what"and"how"the" work" was" done," what" the" consequences" are" and" who"should"have"coded"the"systems"more"effecHvely."
""• It’s"not"going"to"be"to"call"the"company"and"try"to"get"them"to"
understand"what" the" issue" is," how" to"fix" it,"why" it’s" an" issue"and" who" would" dare" to" actually" do" the" same" thing" in" the"wild…""
"• It’s" really" not" going" to" be" to" call" the" agencies" or" the"
intelligence"community"and"help"them"understand"what/why"this"is"either"useful"or"an"issue.""
• I"think"the"next"Hme"we"do"research"it"should"be"couched"in"“this"is"what"was"broken,"and"here’s"a"fully" automated" deployment" system" to" not" only"fix" the" situaHon," but" to" make" sure" it" remains"fixed."
• …and"then"I"argue"it"should"simply"be"deployed.""
Virus"="Vaccine"
• Simple"logic"take"the"best"part"of"a"virus"• Turn"the"logic"flow"from"aUack"to"defense"• Employ"obfuscaHon"and"fragmentaHon"techniques"
• Create"a"resilient"update"architecture"• Deploy,"sit"back…."• Watch"“areas”"of"the"African"conHnent"become"protected…"
• Remember"to"put"kill"switch"in…..""
Running…"
• It’s"running,"has"been"now"for"a"“while”"
• Working"out"some"of"the"kinks…"
• Do"we"deploy"this"in"an"altruisHc"manner?"
• Do"we"commercialize"and"then"HAVE"to"sHll"deal"with"humans?"
Evil"overlord?"
• There"are"no"backdoors"in"the"code.""• There" is" no" master" plan" to" take" over" the" world" one"appliance,"toaster,"oven,"computer"or"car"at"a"Hme."
"• There" is" simply" the" desire" to" see" progress" and" to" see"things"fixed"for"a"change."
• …which" is" a" greater" good" than" is" typically" happening" in"the" current" modern" industrial" world" that" we" find"ourselves"in."
AltruisHc"Hacking?"
• Yep,"and"I"don’t"see"a"problem"with"it."
• MANY"embedded"systems"are"ripe"for"change…"
• Manufacturers"ignore"the"issues,"we"fix"them."
• Let’s"debate"this"over"drinks!!"
GEEK*THOUGHTS…*
The" next" Hme" you" find" yourself" elbow" deep" in" your"target"of"choice…""• Once"you’ve"goUen"the"pcap"file"• Once"you’ve"taken"the"screenshots…""FIX" their" bloody" code," patch" their" systems," encrypt"the" data" and" leave" the" key" behind…preferably" not"under"the"front"doormat.""
Evolve"or"Die"
• We" have" to" evolve" and" we" have" to" get" beUer…we" have" to"remove" the" flaws," and" beUer" protect" the" systems." That’s"obviously" not" happening" at" the" moment" in" either" the"commercial"or"government"space."
• It’s" arguable" that" your" security" should" be" a" commodity/uHlity…for"many"organizaHons" it’s"not"core"to"who"we"are"or"what"we"should"be"concerned"about,"therefore"why"do"we"all"have"to"become"experts"in"it?"
• We" have" to" evolve" the" system," this" talk" discussed" some" of"those"challenges"AND"sheds"some"light"on"some"of"the"other"areas"that"have"had"media"focus."
To"ALL"the"Presenters…"
• Don’t"just"say"what’s"broken,"but"also"present"HOW"to"fix"it."
• Stop" using" presentaHons" as" infomercials." Your" corporate"propaganda"is"NOT"helping"fix"the"soluHon."
• The"latest"firewall"with"“blue"blinky"lights”"is"NOT"going"to"fix"the"issues,"get"to"the"core"of"the"problem…YOU!"
• When" you" sell" your" 0Day" to" the" government" of" your" choice"you"are"removing"the"ability"to"secure"how"many"people?"
Personally"I’m"going"to"make"sure"the"lights"along"the"eastern"seaboard"will"sHll"blink"out"a"code…"
"Now"it’s"going"to"simply"state"“Fixed"by"127.0.0.1”"and"
nobody"else"from"the"outside"is"going"to"be"able"to"change"that."
Security"is"a"Journey"“A%journey%of%a%thousand%miles%begins%with%a%single%
step.”%%"
From"��������,"by"Laozi""
First:"Ask"The"QuesHons"• Do"you"REALLY"understand"the"problem?""
• Do"you"know"the"risks"your"organizaHon"faces?""
• Do"you"REALLY"know"what’s"going"on,"or"are"you"simply"watching"the"nightly"TV"“News?”""
• Are"you"sHll"helllbent"on"spending"more"money"on"firewalls"and"other"vendor"pushed"devices?"(Red"vs."Blue"binky"lights)"
• Who" advises" you?" Do" you" listen" to" those" of" us" in" the" trenches" and" the"industry?""
• Listening"to"these"presentaHons"and"then"doing"NOTHING"is"NOT"considered"a"first"step.""
Second:"Change!"
• Procedures:""– You’ll" need" cooperaHon," but" accurate" documentaHon" is" going" to"help"you"reach"an"acceptable"and"repeatable"level"of"maturity.""
• Controls:""– Stop" fooling" yourself" (and" others)" that" an" audit" is" going" to" fix" a"damm"thing."Stop"fooling"the"auditors"too."Take"responsibility"and"insHtute"the"CORRECT"controls"throughout"the"organizaHon."
• Culture:""– This" one’s" got" to" change" and" a" much" deeper" level" of" individual"accountability"and"awareness"HAS"to"be"integrated.""
Third:"Your"InsHtuHon!"• We"are"ALL"treated"as"numbers"and"staHsHc."
• That"mentality"HAS"to"change!"
• We"should"NOT"be"counted"as"“acceptable"losses.”"
• Companies"need"to"understand"we"are"HUMANS.""
• If"the"mentality"stays"aslis"we"are"simply"fighHng"an"unwinnable"war.""
Can’t"is"Not"an"OpHon"
• Stop"talking"about"how"we"can’t"do"things."
• Talk"about"how"DO"we"solve"these"issues."
• We"have"to"change"our"approach:"– Focus"on"your"electronic"profile."– Focus"on"who"OUT"there"is"interested"in"your"data."– Focus"on"WHERE"that"data"actually"IS."– Focus"on"YOU!"– Focus"on"your"PEOPLE!"
With"thanks"to…"• I"said" it"earlier"and"I’ll"say" it"again,"we"have"one"helluva"community…
for"all"of"you"I"am"eternally"grateful…"
• The"EClCouncil,"I"hope"this"hasn’t"scared"them"too"much!"
• To"EFF"for"conHnuing"to"put"up"with"me."
• Eddie…"for"everything!"
• Warner" Bros." and" Chuck" Jones" for" Wile" E." Coyote," Marvin," and" his"cohorts."
• The"Minions,"the"squirrels,"the"cats,"horse"and"polar"bears…"
