OPSEC for Russian hackers:
because jail is for wuftpd
the.grugq@gmail.com

Monday, November 19, 12

Overview
• Intro to OPSEC
• Methodology
• lulzsec: lessons learned
• Techniques
• Technology
• Conclusion

Avon: You only got to fuck up once… Be a little slow, be a little late, just once. How you ain't gonna never be slow? Never be late? You can't plan for that. That's life.

Intro to OPSEC

WTF is it?

OPSEC in a nutshell
• Keep your mouth shut
• Guard secrets
  • Need to know
• Never let anyone get into position to blackmail you

STFU

Methodology
• Put the plumbing in first
• Create a cover (new persona)
• Work on the legend (history, background, supporting evidence for the persona)
  • Create sub-aliases
  • NEVER CONTAMINATE

The 10 Hack [FREEDOM FIGHTING] Commandments
• Rule 1: Never reveal your operational details
• Rule 2: Never reveal your plans
• Rule 3: Never trust anyone
• Rule 4: Never confuse recreation and hacking [FREEDOM FIGHTING]
• Rule 5: Never operate from your own house
• Rule 6: Be proactively paranoid, it doesn't work retroactively
• Rule 7: Keep personal life and hacking [FREEDOM FIGHTING] separated
• Rule 8: Keep your personal environment contraband free
• Rule 9: Don't attract attention
• Rule 10: Don't give anyone power over you

Why do you need OPSEC?

ProTip: Cover the webcam on your laptop.

It hurts to get fucked

No one is going to go to jail for you.

Your friends will betray you.

#lulzsec: lessons learned

Violation: Never trust anyone

ProTip: Don't use your personal Facebook account to send defacement code to your friends [FREEDOM FIGHTERS]

ProTip: Don't use your real first name as your username

Violation: Don't contaminate

Violation: Keep personal life and hacking [FREEDOM FIGHTING] separate

ProTip: Don't connect to your target directly from your home IP address

Violation: Never operate from your home

Violation: Don't reveal operational details

Violation: Be paranoid

Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?
Virus (10:32:55 PM): yeah, you offered me money for "dox"
Virus (10:33:39 PM): only informants offer up cash for shit -- you gave yourself up with that one

HAPPY ENDING: Virus is still free

Violation: Never contaminate

Bonus: w0rmer

Techniques

Plumbing

It is boring.

You'll know it worked if nothing happens.

Put it in place first.

Paranoia doesn't work retroactively

Personas

Spiros: He knows my name, but my name is not my name. And you... to them you're only "The Greek."
The Greek: And, of course, I'm not even Greek.

Problem: You are you.

Solution: Be someone else.

Personas
• Danger to personas is contamination
  • Contact between personas (covers) contaminates both
  • Keep cover identities isolated from each other

Layered defense
• Fail safe technological solution
  • TOR all the things!
• Back stop persona
  • Primary cover alias as first identity
    • Secondary cover aliases (eg. handles)

Profiling data

Pitfalls
• Location revealing information
  • Weather
  • Time
  • Political events
• Profiling data

Practice

Amateurs practice until they get it right.
Professionals practice until they can't get it wrong.

Stringer: What you doing?
Shamrock: Robert's Rules says we got to have minutes of the meeting. These the minutes.
Stringer: Nigga, is you taking notes on a criminal fucking conspiracy?

No logs. No crime.

Staying Anonymous

Personal info is profiling info

Anti-Profiling Guidelines
• Do not include personal information in your nick and screen name.
• Do not discuss personal information in the chat, where you are from...
• Do not mention identifying details, e.g. your gender, tattoos, piercings or physical capacities
• Do not mention your profession, hobbies, involvement in political/activist groups

Anti-Location Profiling Guidelines
• Do not use special characters on your keyboard unique to your language
• Do not keep regular hours / habits (this can reveal your timezone, geographic locale)
• Do not discuss the environment, e.g. weather, political activities, etc.
  • Don't talk about the weather!

Anti Contamination Guidelines
• Do not use Twitter and Facebook
  • Never post links to Facebook images.
• Do not post information to the regular internet while you are anonymous in IRC.

Hackers [FREEDOM FIGHTERS] are no longer the apex predator

That position has been ceded to LEO*

*Law Enforcement Officials

Technology
• Operations Platform
  • Console for accessing your staging box
• Staging Platform / Launch Pad
  • Box with attack tools
• Bounces
  • Reach your target objectives without leaving a trail

Operations Platform
• Essentially a modern VT100
• Provides access to operational resources
• Non incriminating, ideally dual use, device
  • RaspberryPi, AllWinner miniPC, etc.

Operations Box

Staging Platform
• Jump box
  • The first stop from the operations platform
  • Not used directly for attacks, this is $HOME
• Storage for logs, data and tools

Launch Pad
• Used for launching attacks
• Disposable
• Maybe in China?

[Diagram showing $HOME, lp and the >_ console]

Bounces

VPNs vs. TOR
• VPNs provide privacy
• TOR provides anonymity
• Confuse the two at your peril
• TOR connection to a VPN => OK
• VPN connection to TOR => GOTO JAIL

On VPNs
• Only safe currency is Bitcoins
  • "Because they come from nothing"
• Purchase only over TOR
  • http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

On Bitcoins
• Bitcoins are anonymous, not private
  • They can be traced
• Unique, uncontaminated, wallet per cover
  • Use mixers to sanitize BTC

Fail closed

PORTAL: Personal Onion Router To Assure Liberty

PORTAL
• Router ensuring all traffic is transparently sent over TOR
  • Reduce the ability to make mistakes
• Use mobile uplink
  • Mobility (go to a coffee shop)
  • Reduce risk of wifi monitoring
• Uses tricks to get additional storage space on /

Hardware
• TP-LINK AR71xx personal routers
  • MR-11U
  • MR-3040
  • MR-3020
  • WR-703N

MR-3040 & MR-11U
• Battery powered
  • Approx. 4-5 hrs per charge
• USB for 3G modem

http://grugq.github.com/portal

Conclusion

STFU

If you hack, don't speak
If you speak, don't write
If you write, don't sign
If you sign, don't be surprised