Dave Ockwell-Jenner explains the common cyber espionage techniques used by the "comment crew" (APT1). A video of his excellent demo can be found here https://www.youtube.com/watch?v=2rJ2tHeb5yQ
1. China all up in your business: Annoying Persistent Threat - Dave Ockwell-Jenner (OWASP Ottawa)
2. About Me
• Senior Security Architect for SITA
– IT & Communications specialists for the Air Transport Industry
– Created and manage software security program
• Owner of Prime Information Security
– Boutique security consultancy specializing in small-medium enterprise
• Previously worked with RIM/BlackBerry, TELUS, Nortel
• And…
– Creator of the 37th ever web site!
– Blogger for TELUS
– Co-Author of SANS course Developing Defensible Java EE Solutions
– Co-Founder of the Small Business Community Network (SBCN)
– House DJ and Producer
3. Hunting Wabbits
• Tracking Evil Bad Guys™ for the past several years
– Looking at intrusion techniques, malware and exfiltration
– The so-called ‘Advanced Persistent Threat’
• Not so much ‘Advanced’ but ‘Annoying’
• APT1
– Digital forensics firm MANDIANT recently claimed well-known hacking group to be an office of the Chinese People’s Liberation Army (PLA)
– I may or may not have some experience with our Chinese friends!
4. How Advanced, is Advanced?
• If I can understand it, it’s not very advanced
– The organization and effectiveness is clever, but the techniques are something we can all understand
• Why don’t we take a look at a recreation of an actual attack?
– In time-honoured Looney Tunes tradition, we’ll use a fictional company called ACME, makers of…
5. Demo: Rules of Engagement
• Please keep in mind, what you’re about to see and hear is for educational purposes ONLY
• Please ask lots of questions
• If something doesn’t work, it has nothing to do with my awesome talent…
… it’s clearly a hardware problem
7. What did we learn?
• Simple malware is really easy to make and yet quite effective
– Malware is really easy to hide from AV
• Once compromised, it’s pretty trivial to snoop around further and steal loot
– But we can make it more difficult
• Our web sites & apps might be a hiding place for command/control of infected systems
– So make sure our sites/apps are secured—see OWASP!
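One defensive check that follows from the last lesson: if a compromised site is being used as a command-and-control drop, infected hosts tend to poll the same page at a fixed interval. The example below is added here and is not from the talk or its demo; it scans constructed Apache-style access log lines (a hypothetical ACME web server) and flags client/path pairs whose inter-request timing is nearly constant, which is what a beaconing implant looks like from the server side.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample access log lines (Apache combined-style), not from any real server.
# 10.0.0.5 polls /blog/index.html every ~5 minutes; 10.0.0.9 is a normal visitor.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2013:10:00:00 +0000] "GET /blog/index.html HTTP/1.1" 200 5123
10.0.0.9 - - [12/Mar/2013:10:00:03 +0000] "GET /images/banner.png HTTP/1.1" 200 840
10.0.0.5 - - [12/Mar/2013:10:05:00 +0000] "GET /blog/index.html HTTP/1.1" 200 5123
10.0.0.5 - - [12/Mar/2013:10:10:01 +0000] "GET /blog/index.html HTTP/1.1" 200 5123
10.0.0.9 - - [12/Mar/2013:10:11:30 +0000] "GET /about.html HTTP/1.1" 200 2210
10.0.0.5 - - [12/Mar/2013:10:15:00 +0000] "GET /blog/index.html HTTP/1.1" 200 5123
10.0.0.5 - - [12/Mar/2013:10:19:59 +0000] "GET /blog/index.html HTTP/1.1" 200 5123
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_log(text):
    """Yield (client_ip, path, timestamp) for each line that matches the log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(3), datetime.strptime(m.group(2), TS_FMT)

def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Return {(ip, path): mean_interval_seconds} for request series whose
    inter-arrival times are nearly constant (coefficient of variation <= max_jitter).
    Regular human browsing has irregular gaps; a scheduled poller does not."""
    series = defaultdict(list)
    for ip, path, ts in parse_log(text):
        series[(ip, path)].append(ts)
    beacons = {}
    for key, stamps in series.items():
        if len(stamps) < min_hits:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons

if __name__ == "__main__":
    for (ip, path), interval in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {ip} -> {path} every {interval:.0f}s")
```

Tune `min_hits` and `max_jitter` to your traffic; a short poll interval from many distinct client addresses to one obscure path is the pattern worth investigating.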