Alex “Jay” Balan in Bucharest, Romania on November 8-9th 2018 at DefCamp #9. The videos and other presentations can be found on https://def.camp/archive

2. Presentation Time:
This presentation should take around 40min.
Your Host
Alex “Jay” Bălan
Chief Security Researcher - Bitdefender
PRIVACY: BETWEEN HYPE AND NEED

3. FBI

4. June 2013 – the frenzy begins
Media outlets love this (obviously)
Portreying Big Brother as an abuser
has an instant appeal to a society that
loves its country but hates the system

8. What are the pros and cons
with regards those leaks?
Do you think those leaks were
a good or bad thing?
Are the whistleblowers heroes
or traitors?

9. This is, obviously, just the tip of
a very large and dark iceberg...

10. THE
CAMBRIDGE ANALYTICA
SCANDAL

12. Hackers

13. Rogue GSM cells

14. Hackers stealing your security recording feeds
from smart cameras

17. • ML behind your keyboard (predictive text, swype, etc)
• WIFI
• Voice commands
• App permissions
• E.g. you give a QR code scanner access to the camera. The app will
be able to turn it on without your knowledge
• E.g. You give Shazam access to the microphone. It will be able to do
ambiental recordings and send them to 3rd parties
• Truecaller / sync.me / facebook / almost everything – when no matter
how paranoid you are, your friends may be idiotsless paranoid than
you are
• You have a very secure password but you type it? I guarantee it’s on
dozens of security camera feeds.
• Browser extensions have access to your whole browsing behaviour
• The list goes on

18. • CNP/SSN
• Last 4 digits of your credit card
• Date of birth
• Place of birth
• Mother’s maiden name
• School you went to
• Places you worked
• Your name. Your phone number. ”but they have to know my
name/phone number and that I work there in that position for
the attack to work”
A few words on static data.
Or what to treat as “already compromised”

19. But wait. GDPR?

20. • 2001 – Personal Identification Number, home address and
more of all Bucharest citizens leaks on the internet
• 2014 – ANAF accidentally displays the ID card data for tens of
thousands of Ploiesti citizens
• 2016 – Adult Friend Finder hacked. 412M accounts exposed.
Thousands of divorces. 2 suicides.
• 2018 – I dare you to try asking “I’d like to know how you’re
going to handle my information” at Public Administration 
„WOOPS!” moments and hacks are not prevented by
GDPR!

21. By design, privacy is an utopia in today’s society. The old gossip
circle around the watercooler has been given a huge megaphone
through the internet. ALWAYS work under this assumption. With
that in mind, I ask you:
• Big brother claims they spy on citizens to prevent crime. Do
we believe them?
• The commercial sector claim they spy on us to better predict
our needs and make our life easier. Obviously we can’t believe
it’s just that but the question here is – do we accept it?
• The media hypes whatever gets them clicks: articles against
big brother and about people’s privacy always get them clicks.
Do we trust them?

22. Ask me anything :)
abalan@bitdefender.com | @jaymzu
Our red team is hiring! Send your
offensive security oriented CVs to
redteam@bitdefender.com