Hiring Hackers

HIRING HACKERS 09.09.2014 MARC ROGERS

description

Lookout's Principal Security Researcher, Marc Rogers, presented at CTIA's Super Mobility Week in Las Vegas on September 9, 2014.

Transcript of Hiring Hackers

Page 1: Hiring Hackers

HIRING HACKERS

09.09.2014 MARC ROGERS

Page 2: Hiring Hackers

Enterprises need hackers

The hacker-mindset makes the difference

Page 3: Hiring Hackers

Hacker;

noun \ˈha-kər\ someone who uses ingenuity to create a clever result which accomplishes the desired goal without changing the design of the system it is embedded in.

Page 4: Hiring Hackers

pre

Page 5: Hiring Hackers

Hacker;

noun \ˈha-kər\ a person who secretly gets access to a computer system in order to get information, cause damage, etc. : a person who hacks into a computer system

Page 6: Hiring Hackers
Page 7: Hiring Hackers

Hacker;

noun \ˈha-kər\ A technical genius who likes to explore the technical world and reshape it to his or her desires in a non-destructive way

Page 8: Hiring Hackers

HOW HACKERS CAN HELP CARRIERS SPECIFICALLY

Page 9: Hiring Hackers

Botnets are a HUGE network threat

The carrier is becoming further and further removed from the device

Old-fashioned financial fraud still causing headaches

The network is becoming IP-based and more accessible to intruders

Page 10: Hiring Hackers

SPAM SOLDIER

• Huge SMS spam botnet

• Spams 100 contacts at a time.

• In one case 16,000 messages sent from a single phone!

• Estimated 7M spam messages sent before it was shut down.

• Shut down through cooperation between Lookout and a carrier partner.

Page 11: Hiring Hackers

Botnets are a HUGE network threat

The carrier is becoming further and further removed from the device

Old-fashioned financial fraud still causing headaches

The network is becoming IP-based and more accessible to intruders

Page 12: Hiring Hackers

BAZUC

• Buys subscribers' free SMS allowance

• Sells artificially cheap bulk SMS to companies

• Undercuts the carrier’s bulk messaging business with its own subscribers

Page 13: Hiring Hackers

Botnets are a HUGE network threat

The carrier is becoming further and further removed from the device

Old-fashioned financial fraud still causing headaches

The network is becoming IP-based and more accessible to intruders

Page 14: Hiring Hackers

NOTCOMPATIBLE

• Most advanced mobile botnet (yet)

• Multi-layered C2 architecture with end-to-end encryption and P2P command protocols.

• Installs an unrestricted proxy on victims’ handsets

• Like PC botnets, the controllers resell access to the proxy network for various criminal purposes:

  • Transaction fraud

  • Pumping out spam emails

  • Accessing C99 shell accounts

  • Brute-forcing WordPress accounts

Page 15: Hiring Hackers

Botnets are still big network-suck

The carrier is becoming further and further removed from the device

Old-fashioned financial fraud still causing headaches

The network is becoming IP-based and more accessible to intruders

Page 16: Hiring Hackers

HACKERS WHO HELP

Page 17: Hiring Hackers

HACKING FOR GOOD

Jeff Moss

Marc Rogers

Mark Abene

Kevin Poulsen

Robert Tappan Morris

Mudge

Steve Wozniak

Chris Wysopal

Page 18: Hiring Hackers

EVERYTHING IS OK

Page 19: Hiring Hackers
Page 20: Hiring Hackers
Page 21: Hiring Hackers

For more mobile security information, follow