A combination of what's going on in the industry (InfoSec/Cyber) and what we need to do about it (Back To Basics)
Along with some things that might have been hacked....
2. Agenda
• Housekeeping and the bearded thing in front of you…
– We’ve got 137 slides to go through…hold on tight
• The state of the union…
– Passwords, humans and chasing crocodiles
• All the blinky lights…
– Anti-hacking software and other snake oil
• Back to basics
– How DO we get out of this mess?
• Why now?
– Nanotechnology, brains, and a cut on artificial intelligence
• Time to hack something..
– Trains, cows and shipping, what could possibly go wrong?
• Final thoughts
– Collaboration or eradication, it’s our choice
11. The Goatee…
• In the InfoSec/Cyber industry for too many years...
• Broke Nigeria, ISS, Mars Rover, airplanes, trains, etc.
– Researched a whole lot more…
• Working at Lares and consulting with Aavo
– Why? Because we need to change this industry
– Why? Because we are going to lead from the FRONT
• Currently researching humans, AI, ML and consciousness computing…
– Because there’s better ways than passwords!
– Because the future’s not already scary enough :)
– Because we’re heading off the cliff…and we need to wake up
• Might also have a whisky collection that borders on the obsessive…
– Occasionally travels with the whisky football (thanks Inbar!)
20. By The Numbers
• 5.5 Billion connected people… (in 2020 ish.)
• Standard bell curve mix for tech/human/intel etc.
– 15% understand or “get” security. (At most!)
– 70% sheeple.
– 15% can’t even spell security or use 123456 as a password.
• Globally 825 Million people who “get” security.
– USA has 4.4% of global bodies, so our share is 36M people.
– 36 Million represents about 9% of the US population.
• So, now we know… 9% of the US population will understand security by 2020.
23. So, 2018…
• 90% or greater of attacks against environments are undertaken using KNOWN exploits.
• Most organizations do NOT have a well defined or integrated data security governance program.
• 75% of the IoT manufacturers will not be able to address the security risks by 2020…
32. The Rack Of Blinky Lights…
• You use firewalls; we went past those in the 90’s and never looked back.
– We still mostly ignore them.
• You put IDS/IPS in place and we can bypass that.
– Like a firewall but more expensive.
• You use DLP, but leave ports open for web/client traffic…
– Which we readily use to exfiltrate all the data.
• You have patches… which are irregularly installed on some systems.
– We know this, we exploit it.
• You have antivirus…it’s 3-7% effective and half the time is disabled.
– Another one of those things we wave at as we go steaming past.
• You have built in encryption, but the computer is ON which bypasses it.
– And you only use it on the laptops…seriously?!?
33. More Blinky Lights…
• You have “deep packet inspection,” we’ve been bypassing that since 2012.
• You have SIEM installed…and more alerts than a team of minions can handle.
• You WOULD have policies, procedures and controls IF you could all agree…
• You get a penetration test, but let’s face it…most of the time it’s a checkbox NOT an actual off the leash test…
• You congratulate yourself when the auditor leaves WITHOUT finding the skeletons.
40. CrowdStrike, Cylance, CB, Etc.
John did an awesome job of stating how they bypassed the tools:
• https://www.blackhillsinfosec.com/tag/cylance/
And:
• BlackHat Europe 2017 had training on HOW to evade Cylance, CrowdStrike, Carbon Black, Etc.
Simply put there’s NOT enough substance behind a lot of the claims of using AI or Whitelists or other techniques to stop attackers from getting in.
Lares: Over the last few weeks on a number of engagements we have evaded two of the above. Time to execute sub 30 mins. Attack vectors were both service accounts AND deployment packages and how it integrates with MS
You can’t stop what you can’t see.
45. Back to Basics
• The human:
– 1 hour of awareness training PER year
– ½ session of “don’t click shit”
– ½ session of “don’t send shit”
– No understanding of tying work and life security
– Minimal awareness on “why”
– P@ssw0rd1 used at work and on Facebook etc.
– Accountant by day, Genealogist by night…
– Thinks the “S” in HTTPS is for wimps
48. Back to Basics (2)
• Your computers:
– The ones on the FLAT network running W2k
– The ones in the warehouse running XP
– The ones the vendor said don’t touch
– The ones on the Internet with RDP!!
– The ones on the Internet with 1433/3306/Etc.
– The “new” one Frank in accounting plugged in
– The ones you don’t even log or watch
– The ones you don’t even know about!
50. Back to Basics (3)
• Your perimeter:
– Accept it, you don’t have one
– The laptops, iPhones, IoT took your control away
– Computer No1 on YOUR network is hacked
– 2018’s NGIPS/UBA/NGFW isn’t going to help
– Reactive, static defenses suck and don’t work
– AI and ML aren’t going to save you either
– There is NO cake, no fairy and NO simple answer
– Start looking at preventative, proactive, predictive
59. Back to Basics (7)
• Get a plan
– Face it, shit’s going to hit the fan at some point.
– Be prepared, simpler to reach for the IR forms than wonder WHAT to do…
– Have the communications plan in place ready to go…
– Have the humans prepared. (No, not cannibalism)
– Practice makes perfect, headless chicken mode is NOT needed…
– Know the steps (OODA or NIST IR)
61. Back to Basics (8)
• All’s quiet on the western front…
– As the book points out, NO it’s NOT
– Unless you see it or read it you don’t know it…
– Arguably I’m IN… you just don’t know it
– Your tools say all’s quiet, HOW do you trust them?
– Your reports are saying all’s quiet…
– Your TPS reports show it’s all good
– Do you REALLY trust the lack of action?
– HOW do you REALLY test ALL that equipment?
67. 2017…
Swimming nanorobots. Direction, motion and other functions can be changed based on the application of either heat (laser) or electromagnetic pulses.
Nanorobots being taught how to code. In this case recognize the differences in certain chemicals.
71. Hack The Human :)
• We took Bird Flu
– We bound it to multiwall nanotubes
– We fooled the body into thinking it was good
– We have the propulsion system to move in the body
– We have a tracking/tracing method for monitoring progress
– We have decoys to deploy should the body go WTF
– And we have a drug to deliver.
• If we’re doing our job we deliver the drug to a cancer cell.
– We can kill the cancer cell
81. Status So Far…
• We do away with passwords
– Our very thoughts become our passports
• We use the human as the authentication model
– We are already the prime attack vector…
• Our existence becomes our access method.
– And our uniqueness becomes our protection
• This is the first step in uploading consciousness
– Working on adding data back INTO the brain…
• This is the planning stage for digitizing “us”
103. Our Industry
• Has failed
• Has lied
• Has sold false promises
• Has continued to Band-Aid rather than fixing problems
• Has profited off the misery of others
• Acts like entitled snowflakes
• Has blamed everyone else, never once themselves
• Flaunts the illusion of security
• Treats information as currency and holds it over everyone
• Has used FUD at every turn to maintain an upper hand
112. 48 Hour Attack Period
• Several willing and able researchers.
• 200 foot of Cat5 cable.
• Numerous devices to monitor over-the-air signals.
• Couple of specific connector types.
• Close proximity to a number of waysides…
• Very close proximity to a rail yard.
• Potential access to numerous locomotives.
• A comprehensive set of lock bypass tools.
• A few bottles of GOOD single malt.
• Enough batteries to keep us happy.
• Safety shoes (mustn’t forget those.)
• No bloody orange/yellow vests.
• A lot of OSINT and some HUMINT/SIGINT.
116. Signals Hacked
• GE Transportation Global Signaling
• Passwords in the clear
• Scrape out the necessary handshake…
• Replay attack
• Job done, now own Signals
Thanks to OSINT we find file servers like this ALL over the Internet..
Pretty much each folder has both the instruction manuals AND the passwords (if they have been changed from default…)
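The replay on this slide works because the captured handshake carries nothing fresh, so the verifier cannot tell a recording from a live peer. As an added illustration (not from the talk and not any vendor's protocol), the Python below contrasts a static-password check, where a captured message verifies again, with a nonce-based challenge-response whose verifier rejects a replayed transcript; the shared secret is a constructed demo value.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; a real deployment provisions one per device.
SHARED_SECRET = b"constructed-demo-secret"


def legacy_verify(message: bytes) -> bool:
    """Static-password handshake: the password IS the authentication.
    Nothing ties the message to a session, so a capture replays forever."""
    return hmac.compare_digest(message, b"AUTH " + SHARED_SECRET)


class NonceVerifier:
    """Replay-resistant handshake: one fresh nonce per session, checked via
    an HMAC over that nonce, and each nonce is accepted exactly once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown, or already used: a replay lands here
        self.outstanding.discard(nonce)  # single use, consumed before checking
        expected = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(secret: bytes, nonce: bytes) -> bytes:
    """Legitimate peer proves knowledge of the secret without sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def replay_demo() -> dict:
    # Legacy: the same captured bytes are accepted on every replay.
    captured = b"AUTH " + SHARED_SECRET
    legacy_first, legacy_replay = legacy_verify(captured), legacy_verify(captured)

    # Nonce-based: record one full session, then feed the recording back in.
    v = NonceVerifier(SHARED_SECRET)
    nonce = v.challenge()
    resp = client_respond(SHARED_SECRET, nonce)
    nonce_first = v.verify(nonce, resp)
    nonce_replay = v.verify(nonce, resp)  # same transcript, second time
    return {"legacy_first": legacy_first, "legacy_replay": legacy_replay,
            "nonce_first": nonce_first, "nonce_replay": nonce_replay}
```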
117. Research…
Railway vendors and partners are quick to explain on public forums and other electronic (open) mediums about how wonderful their technology is.
Thanks to the wonders of eBay, your own ElectroLogIXS system.
126. Recap
• Shipping: Observe
– Systems used to be separated, now interconnected
– Systems are now on-line/Internet connected most of the time
– In MANY cases minimal separation between crew and core
– Lingering questions exist on the potential for GPS hacking
– Malware hacks and exploits well known (Maersk)
• Shipping: Orient
– 52,000 merchant ships, 11,000 of them bulk carriers
– 4,300 oil tankers…
– 300 LPG container ships (over 5 million cubic meters of gas)
– 3 vessels certified to carry Nuclear “stuff” (civilian)