1 I’m a Suit in a Cyber World! October 2011 Twitter: #cybergamut.
123
1 I’m a Suit in a Cyber World! October 2011 Twitter: #cybergamut
-
Upload
loraine-tate -
Category
Documents
-
view
216 -
download
0
Transcript of 1 I’m a Suit in a Cyber World! October 2011 Twitter: #cybergamut.
1
I’m a Suit in a Cyber
World!
October 2011
Twitter: #cybergamut
2
Employment History
Financial Services
3
Employment History
Financial Services
4
Employment History
Ski Bum
5
Employment History
Ski Bum
6
Employment History
USAF Officer
7
Employment History
USAF Officer
8
Employment History
SAIC
9
Employment History
SAIC Program Manager
10
Employment History
SAIC Program Manager
11
Employment History
SAIC Division Manager
12
Employment History
SAIC Division Manager
13
Employment History
SAIC Capture Manager
14
Employment History
SAIC Capture Manager
15
Education History
King CollegeBA Economics & Business
Administration
16
Education History
King CollegeBA Economics & Business
Administration
17
Education History
Chartered Life Underwriter
18
Education History
Chartered Life Underwriter
19
Education History
UMD EuropeBowie State University
MS Management Information Systems
20
Education History
UMD EuropeBowie State University
MS Management Information Systems
21
Education History
PMP
22
Education History
PMP
23
Education History
GCIH
24
Education History
GCIH
25
Large Cyber Procurements
SAIC Capture Manager
26
Large Cyber Procurements
> $250,000,000
29
Introduction to
cybergamut
30
History and Why Change• In 2008 SAIC established cybernexus
– Coming together or “nexus” of cyber analysts– Central Maryland
• In 2011 cybernexus renamed cybergamut– Runs the “gamut” of cyber disciplines– Global organization
• cybergamut nodes– Socorro, New Mexico– Sioux Falls, South Dakota– San Antonio, Texas– Northern Virginia (Tysons Corner and Herndon)
31
Mission Statement
cybergamut is a worldwide community of practice for cyber professionals across industry, academia, and government providing ongoing education, training, and certification opportunities throughout all phases of a cyber professional’s career, utilizing traditional methods as well as non-traditional techniques like puzzles, Easter Eggs, and problem solving.
32
Easter Eggs
33
Easter Eggs (eeggs.com)
34
Challenge Cards
35
Challenge Coin
36
Technical Tuesday
• What it is – a technical exchange
• What it is not– A sales presentation– A product endorsement– For discussion of procurements – For discussion of procurement related issues
37
PDU and CPE
• PMI PDU’s– PMI Baltimore approved most Technical Tuesday
events as eligible for PMI PDU’s under Category B, Continuing Education
• CPE’s for CISSP– Self certification
• Other certifications– What do you need?
38
Previous Topics• Defending a Large Network
– Brian Rexroad of AT&T– 2 Dec 2008
• DNI Essentials– Paul Schnegelberger of SAIC and John Sanders of
Northrop Grumman TASC– Nov/Dec 2008
• Digital Forensics– Jim Jaeger of General Dynamics– 13 Jan 2009
• Case Studies in Cyber Attacks – Aaron Wilson of SAIC– 13 Jan 2009
• Trickler– Greg Virgin of RedJack– 27 Jan 2009
• Security Tools– Peiter “Mudge” Zatko of BBN– 27 Jan 2009
• IPv6– David Harris of SAIC– 10 Feb 2009
• Exploitation Prediction – Darryl Ackley of New Mexico Tech– 24 Feb 2009
• Analytic and IO Tools– Clift Briscoe and Nat Cooper of Edge– 24 Mar 2009
• Distributed Systems Technologies and Internet Intelligence
– George Economou of Akamai– 24 Mar 2009
• Exploring the Social World of the Russian Hacker Community
– Tom Holt of Michigan State University– 10 Mar 2009
• Modern Forensic Investigative Techniques – Amber Schroader of Paraben– 10 Mar 2009
• Defending Against BGP Man-In-The-Middle Attacks
– Earl Zmijewski of Renesys– 14 Apr 2009
• Examining the Storm Worm– Nico Lacchini of TDI– 26 May 2009
• No-Tech Hacking– Johnny Long– 11 Jun 2009
• Dirty Secrets of the Security Industry– Bruce Potter of Ponte Technologies– 14 Jul 2009
• Windows Forensic Analysis: Dissecting the Windows Registry
– Rob Lee of MANDIANT and the SANS Institute– 18 Aug 2009
• Silence of the RAM– Sean Bodmer of Savid Corporation– 22 Sep 2009
• VoIP Security - Attacks, Threats and Countermeasures
– Stuart McLeod of Global Knowledge– 3 Nov 2009
39
Previous Topics cont.• A Tale of Two Departments – How Commerce
and State Dealt With Chinese Intrusions: Lessons Learned Plus: Security Heroes and the 20 Critical Controls
– Alan Paller of the SANS Institute– 9 Mar 2010
• Aurora– Aaron Barr of HBGary Federal– 27 Apr 2010
• Malware reverse engineering at ITT – Paul Frank of ITT– 25 May 2010
• Advanced Cyber Collection Techniques; Extracting and Analyzing Information from the Domain Name System
– Tim Cague of The CYAN Group– 10 Aug 2010
• The Rise of the Social Web – Aaron Barr of HBGary Federal– 5 Oct 2010
• Why Security People S#ck – Gene Bransfield of Tenacity Solutions– 9 Nov 2010
• Insider Threat and Real-World Incident Study– Presented by Michael Collins & Greg Virgin of
RedJack along with Jim Downey of DISA PEO-MA– 30 Nov 2010
• Network Monitoring– Josh Goldfarb of 21st Century Technologies– 4 Jan 2011
• Network Device Exploitation with Universal Plug & Play
– Terry Dunlap of Tactical Network Solutions– 8 Feb 2011
• Deep Packet Inspection for Cybersecurity ASW&R
– Jeff Kuhn of Pangia Technologies– 29 Mar 2011
• Stuxnet Redux: Malware Attribution & Lessons Learned
– Tom Parker of Securicon – 19 Apr 2011
• Special Technical Tuesday and renaming– 10 May 2011
• APT Intrusion Remediation: The Top Do's and Don'ts
– Rob Lee of MANDIANT and The SANS Institute– 24 May 2011
• Deep Packet Inspection– Peder Jungck of Cloudshield and SAIC– 28 Jun 2011
• Our Security Status is Grim– Brian Snow– 19 Jul 2011
• Cellular Security– Jason MacLulich of Endace– 9 Aug 2011
• Government Cyber Technical Directors’ Panel– 30 Aug 2011
40
Upcoming Technical Tuesdays• Hacking Windows 7 and defending against physical attacks
– 18 Oct 2011– Jesse Varsalone
• Looking for more speakers and topics such as:– Tor routing– Malware reverse engineering– Cyber situational awareness– Splunk– Cloud computing and cloud forensics– Geolocation of IP addresses and mobile devices– Digital forensics– E-discovery– Attack attribution– Deep packet inspection– Fuzzing– Writing secure code
To suggest topics, volunteer to speak, or to receive an invitation, please contact: [email protected]
41
Interesting Topics from the Chief 5uit’s Perspective
42
Remember!
43
Dash
44
Foreign Language
• 1337 = LEET = short for elite (maybe)– 5uit = Suit
• Pwn = Own– Your computer has been pwned
• Teh = the– Accidents become purposeful– This was before spell checkers – hard to do now
• Texting– LOL– ROFL– - OMG Powerpoint translated : and ) to this
45
Different Culture
• 95% male• Black T-shirts• Interesting facial hair• Body art• Add alcohol and mix vigorously• Stickers everywhere• Lock picking for fun (lock sport)• Hackers aren’t all Bad
– I Hack Charities• As a 5uit, I’m counter-counter-culture
49
Pure evil
• Wireless diabetes pump exploit
50
Pure evil – or is it?
• Wireless diabetes pump exploit
• Exploit released by a pump user• Wants manufacturer to fix the problem
• This is typical of many of the things released
51
Bot in a Botnet
• What’s a Bot and what’s a Botnet?– Computers that have been taken over– Used for distribution of Spam and Malware– Used for other nefarious deeds
52
Bot in a Botnet
• What’s a Bot and what’s a Botnet?– Computers that have been taken over– Used for distribution of Spam and Malware– Used for other nefarious deeds
• Does your Mom care?
53
Bot in a Botnet
• What’s a Bot and what’s a Botnet?– Computers that have been taken over– Used for distribution of Spam and Malware– Used for other nefarious deeds
• Does your Mom care?
• Do you care?
Digital Hygiene
You can’t Patch Stupid!!!
You can’t Patch Stupid!!!
Don’t be “Stupid”
Don’t use Reply All in a Mail
Storm!!!
You can’t Patch Stupid!!!
76
Social Engineering
• Extremely effective
• DEFCON Social Engineering Contest– Amazing what people will give away– Help desks were overly helpful
Click OK to Continue
79
Should I proceed?
80
Should I proceed? I did!!!
81
Phishing and Spearphishing
• E-mails and targeted e-mails– Usually with a link– Watch for typo’s and misspelllings
• V1AGRA
• [Insert company name here] has been sold!
82
Classic Phishing – not Nigeria
83
Phishing maybe???
84
Phishing from GA – Bot??
85
Spearphishing
86
Corporate Response
87
Another One!
88
Phishing and Spearphishing
• E-mails and targeted e-mails– Usually with a link– Watch for typo’s and misspelllings
• V1AGRA
• [Insert company name here] has been sold!
• DEFCON Skybox Demo– Trend tracking via Twitter– Tracking an individual via Social Media– Tiny urls and Bit.ly
89
GPS and other evil devices
• GPS, iPhones, etc remember everything
• iPhones sync EVERYTHING with their host
• Windows 7 Registry saves things a long time
• Forensics examiner’s dream
• Car thieves “Go Home”– You’re not home and now you’re stranded
90
GPS and other evil devices
• GPS, iPhones, etc remember everything
• iPhones sync EVERYTHING with their host
• Windows 7 Registry saves things a long time
• Forensics examiner’s dream
• Car thieves “Go Home”– You’re not home and now you’re stranded
91
Supply Chain
• Where was your code written?• Where was your hardware produced?• How did it get to you?
• Thumb drives• Hard drives
92
X begets Y begets Z…• Needs beget innovation• Innovation begets technology• Policy and strategy follow
– aren’t necessarily “begotten”• Lack of policy begets ineffective or non-strategy• Doctrine is the military word for policy• Tactics are the refinement of military strategy• difference between responsibility and authority
– DHS has responsibilities– DoD has many clearly defined authorities
• National Cyber Policy is challenging– AFCEA story
93
Steganography
• Stuff hidden in pictures• Stuff hidden in other non-obvious places
94
Who votes for #1?
95
Who votes for #2?
96
Who votes for #3?
97
Who votes for #4?
98
Steganography
• Let’s check your votes . . .
99
#1 Malamute???; not Malware
100
#2
101
#2 is Malodorous; not Malware
102
#3 is Mal-wear; not Malware
103
#4 is Malicious; not Malware
104
Steganography
• None of those pictures– I don’t think anyway…
• Very hard to detect in a single picture– Potential detection if you have both pictures
50 KB 450 KB
105
Other Scary/Cool Concepts
• Segmented polymorphic malware– Bad stuff that changes its looks, delivered in parts
• Metamorphic malware– Bad stuff that changes what it does
• Cloud Computing – distributed virtualization– Which denomination?
• Hadoop – son’s toy elephant– Cloud Security– Cloud Forensics
• Zero-day– Brand new malware or exploits
106
Should I click?
107
Social Networking
• “On the Internet, nobody knows you’re a dog”– New Yorker Magazine, 1993– Still true today
• Do you really know who your Friends are?– Would you cross the street to see them in person?– What are you revealing in your posts?
108
Fake Profile???
109
Social Networking
• “On the Internet, nobody knows you’re a dog”– New Yorker Magazine, 1993– Still true today
• Do you really know who your Friends are?– Would you cross the street to see them in person?– What are you revealing in your posts?
• “My Daddy’s dating…”• Twitter - #cybergamut
– Spontaneous and quick– No filter– No retraction after re-tweet
Need this
button
112
Location-based Services
• Facebook Places and Foursquare• Preparation for Travel
– Set up light timers– Make your home look lived in
• “Check in” at out of state locations• Photo metadata• Okay for my Friends to know• What about Friends of Friends?
– What about Mafia Wars Friends of Friends?
113
Facebook Places
114
Clearly Out of Town
• Photo metadata
• Photo metadata
• Facebook actually removes the location information
117
User Names and Passwords
• Anonymous and LULZ Sony Attacks– 77 million users affected
• Other large data thefts
• User Name and Password combinations– How many do you use?
– Remember the Bots?!?
– This got my attention!
118
What do we do?
• I don’t know…
• I think education helps…
119
Cyber Increases
• Volume
• Variety
• Velocity
120
Cyber Increases
• Volume = 123 slides
• Variety
• Velocity
121
Cyber Increases
• Volume = 123 slides
• Variety = 25 topics
• Velocity
122
Cyber Increases
• Volume = 123 slides
• Variety = 25 topics
• Velocity = 1 hour = ~29 sec per slide
123
That’s all we’ve got!
