It has been estimated that the global earnings of Cyber Criminals will equal or exceed the GDP of the UK sometime in the 2022/23 window. If this was the capability of a country they would be joining the G8! Clearly, we are losing the Cyber War hands down, and the time has long passed when we might ignore the threat scenarios surrounding us.
In this lecture we examine global networks from home and office through the ‘last mile,’ and on to national and international networks to identify the key vulnerabilities and points of potential ingress. We identify the cyber risks as escalating as we approach the periphery of all forms of network. For the most part, the core/carrier networks are virtually unassailable physically as they are dominated by terrestrial and undersea optical fibre cables.
Throughout the ‘carrier’ network levels, the difficulty of physical interception, together with the encryption, routing, and path diversity employed, renders them secure in the extreme. Attackers, therefore, tend to focus on the exploitation of people, devices, services, home and office appliances, and latterly, a poorly engineered IoT.
In reality, we are expanding the attack surface of the planet exponentially without due caution or care in the most exposed sectors and locations. And so, we explore potential tech and operational solutions for the future.
NOTE: This lecture is one of a series that has examined technology design and deployment, devices and the IoT, people's fallibility and deviousness, and internal and external threats.
In class, RED and BLUE Team exercises have also been conducted in support of the complete Cyber Security Package to date.
1. Prof Peter Cochrane OBE
petercochrane.com
[Title slide background: word cloud of network technology acronyms]
CYBER Security
In a fully mobile world
3. DANGEROUS EPOCH
Change now occurs at an inhuman speed
“We have never known so very much and understood so little”
2020
Information: 60 ZB
Mobiles: > 14 Bn
IoT Devices: > 25 Bn
Connections: > 50 Bn
Global Fibre: > 1 Tm
Traffic/Day: > 5 EB
Internet traffic
2025: > 17.5 ExaBytes/Day
2020: > 5.3 ExaBytes/Day
2015: > 1.7 ExaBytes/Day
2000: < 0.3 ExaBytes/Day
1 Exa = 10^9 GBytes
4. RESUME
Reality 2020
Attacks are escalating
The Dark Side is winning
There are no silver bullets
People are the biggest risk
The attack surface is increasing
Attacker rewards are on the up
All our security tools are reactive
Cyber disruption costs are growing
Companies do not collaborate/share
Attackers operate an open market
More of the same but better & faster will not change the game…
…we have to think anew - to get out of the box and do something very different!
6. Cyber Attack
A connected/networked world
Targets: Infrastructures, Web Resources, PoS + ATMs, Peripherals, Users, IoT, Mobiles, PCs, Tablet, Wearables
Victims: Transport, IT, Retail, Crypto££, Telecom, Finance, Gov, Health Care, Education, Industry, Commerce, Services, Hospitality ++++
Tools: Malware, False ID, Social Engineering, Hacking, Web Probes, DDoS, Software Adulteration
We are all on (a) list(s) & rated as targets
Sooner or later we will all take a hit (or two)
Much of our personal data is for sale!
7. HEADLINES
Bigger than UK GDP! “We are losing this war hands down”
8. Attack Catalogue
We face a rapidly changing landscape!
“It is essential to make a cyber threat review a daily routine by continually tapping the rich vein of reports and headline news available to the defence community”
https://www.varonis.com/blog/cybersecurity-statistics/
https://go.crowdstrike.com/crowdstrike-global-threat-report-2020.html
https://www6.gemalto.com/ppc/dtr/global
https://www.accenture.com/gb-en/insights/cyber-security-index
https://solutionsreview.com/endpoint-security/key-findings-the-check-point-2020-cyber-security-report/
9. Ransomware
% of organisations reporting attacks
11. Persistent Crisis
Anti-phase cyclic actions correlate with events
Company/Institutions/Gov/Industry Status Surveys remain almost static year-on-year and show little sign of improvement despite the growing number and type of attack plus reputational damage
12. THE BIGGEST RISK
Attack modes depend on people fails!
14. JOE PUBLIC
The OLD at risk group
Status
User Attitude: I just want to use it: I can’t/don’t want to know or understand any of the detail - so don’t touch it, don’t change anything, you might break it, just fix the problem and let me carry on as normal!
Tech Awareness: Zip
Technology: Outdated
Software: Old OS - never updated
Apps: Very Few - never updated
Passwords: Simple and Weak
Authentication: What?
Firewalls: No Idea?
Malware: What's That?
Back-Up: None
BroadBand: I use my phone line
WiFi: Wide Open
ISP: ???
BOTNET: Blank look - Don’t care
Very hard to help at risk group in need of expert/Family Help
16. Young Family
Born & live with tech
Status
User Attitude: We all need to be IT literate and fully understand the opportunities/risks - child protection is a must and how/where to get help
Tech Awareness: Sufficient/Reasonable
Technology: New(ish)
Software: OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong(ish)/Browser Created
Authentication: Two Factor
Firewalls: Built into OS
Malware: Protection Built into OS
Back-Up: Cloud fundamental to set up
BroadBand: Best Deal ADSL/VDSL/Fibre
WiFi: Supplier Strong Password
ISP: Firewall + Child Protection
Security: May have Norton or similar
Parents capable and protective, kids are eager beavers
18. HOME WORKER
Aware and Cyber-worried
Status
User Attitude: I am a professional and my job depends upon my IT literacy: I need to fully understand the opportunities and risks and I need contracted support
Tech Awareness: Good
Technology: <3 years old
Software: OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong/Browser Created
Authentication: 2 Factor + PIN/Fingerprint
Firewalls: Built into OS + Additional App(s)
Malware: Protection inside OS + App(s)
Back-Up: Cloud + Several (>1) HDs
BroadBand: Best ADSL/VDSL/Fibre Speed
WiFi: Strong Password
ISP: FireWall and Malware Protection
Security: Norton or similar +++
Encryption: Not the norm but able
VPN: Sometimes
20. Mobile worker
Cyber over confident should be worried
Status
User Attitude: I am a professional road warrior and my job depends upon me being on the ball and self sufficient & I have to be aware of physical and cyber security
Tech Awareness: Good
Technology: <3 years old
Software: OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong/Browser Created
Authentication: 2 Factor + PIN/Fingerprint
Firewalls: Built into OS + Additional App(s)
Malware: Protection inside OS + App(s)
Back-Up: Cloud(x2) + Several (>2) HDs
BroadBand: Best ADSL/VDSL/Fibre Speed
WiFi: Strong Password Random Sites
ISP: FireWall and Malware Protection
Security: Norton or similar +++
Encryption: Normal Mode
VPN: Normal Mode
22. SME / Startup
Defending a disparate group
Added Complexity
There are no IT standards and/or codes of practice: everyone works on the move using their personal IT and an array of platforms and apps
People are working from Home, Office, Hotels, Airports, Coffee Shops with ad hoc networking with a wide range of data and apps
The attack opportunities are amplified but so are the complications of navigating multiple locations, device and OS types along with a diverse spread of Apps
Fledgling companies eventually die or grow up and this model does not scale to deal with a large number of customers and the increased security requirements - in short: processes, contingencies and staff training plus a deal of uniformity are a must!
Status
User Attitude: A group of professionals dedicated to the creation of a successful company - from a variety of backgrounds with years of IT user experience and awareness
Tech Awareness: Excellent
Technology: Random mix of personal devices
Software: Multiple OS - auto-updated
Apps: Many - auto-updated
Passwords: Strong/Browser Created
Authentication: 2 Factor + PIN/Fingerprint
Firewalls: Built into OS + Additional App(s)
Malware: Protection inside OS + App(s)
Back-Up: Cloud(x3) + Many (>??) HDs
BroadBand: Best ADSL/VDSL/Fibre
WiFi: Strong Password Fixed & Mobile
ISP: FireWall and Malware Protection
Security: An Array of Products + Services
Encryption: Normal Mode
VPN: Normal Mode
IT Support: Some Specialisms eg web site
24. Medium Big Company
A fixed, mobile, dispersed workforce/offices
Large Company
Cyber over confident should be worried
“It's not my bag - the IT Dept take care of all this / who cares”
“IT and Security never eat their own dog food - do they even care”
“IT and Security never look at or try to do your job”
28. DANGEROUS EPOCH
We have never seen anything like this!
29. Prime targets
Favourite cyber attack sectors $$
31. VULNERABILITIES
The biggest continual risk exposure
People: Always The Biggest Risk!
32. PHISHING DEMO
Oh so very easy for the skilled
34. SPOOFERS
Biggest front companies
35. IMPERSONATION
Fake ID call centre support attacks
36. Challenge
This list expands yearly
37. Cyber Attack
System Wide Opportunity Points
Malicious Code inserted into visitor browsers
Gains Access to sensitive data
39. RISK PROFILE
The bias follows the people
“The bulk of national and international networks are physically difficult to access: the level of encryption renders it impossible to access any useful info or data”
We now examine this in detail
41. PRIMARY Security 1
PN VPN Local, national & international
[Diagram labels: VPN, PN, Dedicated Fibre, Network Services Reseller with direct routing]
Inherently Insecure: Wired & Wireless
Inherently Secure: Fibre PN/VPN
Strong Encryption
Hidden VPN & Routings
What is actually in this Cloud?
43. Partial view 1
Companies don’t divulge detail
What is actually in this Cloud?
It is a vital secret as to the detailed design/engineering adopted, and the enemy must not know this
45. Partial view 2
Companies don’t divulge detail
How is the Network Configured?
It is a vital secret as to the detailed design/engineering adopted, and the enemy must not know this
47. Some Guesses
What would we do as designers?
Inherently secure in the extreme iff designed well and detail is kept secret
50. Diversity
Multi-Cables Paths
[Diagram labels: Cable 8, Cable 6, Cable 3]
Adds resilience to a wholesaler network and is a very effective defence against DDoS attacks
52. Addressing
Multi-Cable Paths/Routing
[Diagram labels: Cable 8, Cable 6, Cable 3]
Radically Different For Each Layer
Password Format Different by Layer
Adds resilience and an extra layer of security for attackers if they get this deep
54. Spoofing
Ghost Cables Paths
[Diagram labels: Cable 8, Cable 6, Cable 3]
Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere!
Dilutes the efforts and resources of the dark side and frustrates their designs to gain access
57. Hopping
Dynamic Addressing
[Diagram labels: Cable 8, Cable 6, Cable 3]
Node Addresses Change by the second to render them invisible to scanners
As of the creation of this presentation no known attack has been successful against this defence
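A sketch of the dynamic-addressing idea on the Hopping slide, added here as an illustration and not taken from the lecture: each node derives its address for the current one-second slot from a shared key, so authorised peers can compute where it is while a scanner's recorded address goes stale. The HMAC-based derivation, the shared key, the 2001:db8 documentation prefix and all function names are assumptions; the slides do not say how hopping is implemented.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed values: RFC 3849 documentation prefix and a demo key.
PREFIX = ipaddress.IPv6Network("2001:db8:0:1::/64")
SLOT_SECONDS = 1  # "change by the second", as on the slide
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def slot_for(timestamp, slot_seconds=SLOT_SECONDS):
    """Map a Unix timestamp to the index of the hop interval it falls in."""
    return int(timestamp // slot_seconds)


def hop_address(key, node_id, slot, prefix=PREFIX):
    """Derive the node's address for one slot.

    The 64-bit interface identifier is the first 8 bytes of
    HMAC-SHA256(key, node_id || 0x00 || slot). Without the key, the next
    address cannot be predicted from addresses already observed.
    """
    if prefix.prefixlen != 64:
        raise ValueError("this sketch assumes a /64 prefix")
    msg = node_id.encode("utf-8") + b"\x00" + struct.pack(">Q", slot)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    iid = int.from_bytes(digest[:8], "big")
    return ipaddress.IPv6Address(int(prefix.network_address) + iid)


def is_live(key, node_id, candidate, now, skew_slots=1):
    """True if `candidate` is the node's address for the current slot or a
    neighbouring slot (tolerates small clock skew between peers)."""
    candidate = ipaddress.IPv6Address(candidate)
    current = slot_for(now)
    ok = False
    for slot in range(current - skew_slots, current + skew_slots + 1):
        expected = hop_address(key, node_id, slot)
        # Constant-time compare, no early exit, so timing does not reveal
        # which slot matched.
        ok |= hmac.compare_digest(expected.packed, candidate.packed)
    return ok


def scan_result_still_valid(key, node_id, scan_time, use_time):
    """Model a scanner that recorded the address at scan_time and tries to
    reach the node at that same address at use_time."""
    seen = hop_address(key, node_id, slot_for(scan_time))
    return is_live(key, node_id, seen, use_time)


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    for dt in range(3):
        print(t0 + dt, hop_address(DEMO_KEY, "gateway-a", slot_for(t0 + dt)))
    print("address recorded 5 s ago still valid:",
          scan_result_still_valid(DEMO_KEY, "gateway-a", t0, t0 + 5))
```

The skew window is the trade-off to tune: a wider window tolerates worse clock synchronisation but lengthens the time a discovered address stays usable.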
59. THE BIG PICTURE
Optical Fibre Cable Net Spine
Over 430 undersea cables now connect the planet and carry 99.999% of all traffic
61. EU - Nth America
Optical Fibre Cables 2019
CABLE FAILS ARE RARE and mainly caused by human intervention - trawls, anchors - plus tidal action
64. UK - North America
12 Optical Fibre Cables 2019
Disperse Cables and Landing Sites
Disperse Traffic across Several Cables
Diverse Emergency routing via France, Spain, Scandinavia, on a major cable fail
Maintain Sensible Failure Margins
In wartime it is not unusual for cables to be a target: if they can be located then they may be cut
67. PRIMARY Security 2
Limit the total of concatenated hops
[Diagram labels: Country Gateway, Regional Gateway, Regional Gateway, Dedicated Fibre or Wavelengths, VPN, PN]
Total end-to-end nodes to number < 10
Total end-to-end path delay to be < 150 ms
All Optical Fibre Net Almost Impossible to Penetrate but not entirely so!
All Gateways Highly Secure Facilities
All Precise Routings and Gateway Locations are not generally available
Non Obvious gateway ghosting/duplication plus split fibre cable feeds can be used to increase security
Extensive use of encryption 128/256/512 keys plus public key for control and signalling
68. COULD THIS HAPPEN
Would it in all likelihood work?
The media just love this scenario… but undersea cables are 1000s of times less vulnerable than satellites!
70. PRIMARY Security 3
Randomisation of bytes and routing
Impossible to fully imitate the complex randomness in action… so this will have to suffice!!
71. RISK PROFILE
The bias follows the people
“The bulk of the local loop/last mile is exposed and physically easy to access: the equipment, copper, fibre, and wireless links are open to attack”
We now examine the last mile
72. COPPER & FIBRE ACCESS
How to physically break into the net
“Let me explain/tell you how, but I am not going to document it”
Here is the hardware 1:
[Slides 73-77 repeat this title over images with numbered callouts 1-8]
78. COPPER & FIBRE ACCESS
How to physically break into the net
Here is the hardware 2:
[Image with numbered callout 7]
79. MUCH EASIER
With a high ROI
Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing?
Stealing all that personal data is often the bigger prize!
Gangs generally hired in and exploited by big crime! Sold on or delivered to far more capable exploiters…
80. UP THE VALUE
100s of hack tutorials on-line
A naked mobile device is one price
A live mobile device with all the log-in and personal data accessible is a much better deal!
81. PASSWORD & PACKET SNIFFERS
A vital break in tool available on the Dark Net
Free or available to purchase
Time to crack a password = Minutes - Hours
Emulating hardware can cost kit + software and is hard!
Password Sniffer: An App that scans and records passwords on a computer or network interface.
It inspects all incoming and outgoing network traffic and records any instance of a data packet that contains a password.
Over a period of time it can build up a complete ID, MAC Address, Password et al record
82. STUDENT WARNING
I do not recommend entering this domain, BUT it is the only real way of appreciating the full potential - SO if you do decide to have a look, then:
1) Use an old machine/fake ID in a coffee shop
2) Have your camera, mic, tracking turned off
3) Make sure all location service options are off
4) Employ security (Norton et al) throughout
5) Only have a single app (TOR) installed
6) DO NOT complete any transactions
7) Reveal no personal info whatsoever
8) Factory reset machine when done
9) Security scan machine on boot
RECOMMENDATION: Enter, take a look, get a taste, get out
84. TORching infrastructure
5G cooks your brain, eyes, & transmits CV-19
In the UK > 100 towers and equipments torched, but mainly 3/4G, putting lives at risk/disabling emergency services
This is the power of ignorance writ large: belief, paranoia and a lack of any basic education
3/4/5G save lives day on day and these fools do not know that they are killing people
87. Lessons From History
Fence
Fence + Mound
Wall + Mound
Wall + Mound + Ditch
Wall + Mound + Moat
Wall(s) + Mound + Keep + Moat +++ +++
Wall(s) + Mound + Keep + Moat + Hidden Ditch + Obstacles +++ +++
Castle in a Castle!
89. Slow evolution
The enemy is mobile & agile
[Image labels: Iron Age, Napoleon]
Exponentially more expensive and longer build times
Effectiveness on a shorter and shorter fuse!
Does this not look like the recent history of cyber defence, with layer on layer of fixed/static defences? And we are still building them in the form of bunkers at even vaster expense
90. WALLS DON’T WORK
But we keep building them!
And after > 2000 years of evolution, what comes next?
And we are still building them and they are still ineffective and very expensive
91. WHAT DID WE LEARN!
Concentric defence layers work(ish)?
Not so if they are:
Fixed
Unchanging
Unresponsive
Slow to evolve
Lack intelligence
Poorly maintained
Operate in isolation
Not wholly integrated
Not fully anticipatory
[Diagram labels: Hub, LAN, Switch, CPE (shown twice), ISP, CLOUD(s)]
Security at every layer has to be dynamic & adaptable
93. Assessment
Sector Reality 2020
Attacks escalating
Our exposure is growing
Attackers are winning the war
Attackers get richer by the year
Our defences are not 100% effective
We need to collaborate and share all
We are largely disorganised and underinvesting
People remain our single biggest attack risk
All our security tools are reactive & mostly outdated
Best market model appears to be the airline industry
We present an easy and very attractive opportunity for cyber hackers and/or criminals
96. Collaboration
Airlines model 2020
Safety record is all
Embraces entire industry
Every accident is investigated
All incident reports are open & shared
Safety communication is pilot/operator centric
Industries, manufacturers, governments all committed
Well organised and structured with a high level of accountability
Passenger and crew safety is the single biggest concern and success metric
Flying is generally the safest mode of transport globally as a result of this model
Cyber security is in need of something very similar if it is ever to migrate out of the victim mode
97. Constraints
Our freedoms are limited
Legal system
Codes of practice
Ethical principles
Moral responsibilities
• No transgressions
• Work up to the limit
• Keep within the spirit & word
• Our responsibility to keep up to date
• Seek legal advice on latitude
• Special dispensations may be possible
• National security/intelligence may help
• In general the Buck ends with you!
99. The Enemy Innovates Fast
Things like this pop up almost weekly!
101. Attack Types
With a growing species catalogue
Real Time
Delayed
Open & Obvious
Invisible
Stealth
Readily or Eventually Identifiable
Difficult or Impossible to Identify
Disguised
Hidden
May or may not (ever) be discovered
Sophisticated criminal group technology
Rogue/nation state espionage OR WEAPONISED
Hacker/groups conventional techniques
102. Defence essence
Speed of detection, response & adaptation
1) Our own passivity is the biggest danger
2) The attacker agility and innovation our biggest challenge
3) Attackers have the first mover advantage & get to choose everything
4) Human defenders cannot be vigilant and prepared 24 x 365 year-on-year
5) Situational awareness is key & rooted in Data/Information gathering/analysis
6) Machines, AI, Machine Learning are key to solving (4 & 5) and giving us the edge
7) The application of anticipatory techniques is still in its infancy and needs investment!
8) Disparate companies, groups and government have almost all the components we need
9) It is essential that these resources (8) are brought to bear and integrated with (5 -7)
10) We might just win this war, but not without changing the way we think and operate!
103. MINDSETS
A different perspective
Audio Book
https://www.youtube.com/watch?v=X7rhovBK_eA
Written 5th C BC
Most important points:
Information matters and an educated guess is better than a gut decision
Generals should be adept at the "military calculus" of accounting for anything and everything that could affect the outcome of a battle
104. MINDSETS
Provocative stimulation
More Quotes by famous generals and philosophers
https://bit.ly/2VVJ6Hm
More Quotes by Sun Tzu
https://bit.ly/2VVJ6Hm
BEST Quotes by Sun Tzu
https://bookroo.com/quotes/the-art-of-war
“The supreme art of war is to subdue the enemy without fighting”
“To know your enemy you must become your enemy”
105. Security Laws
Immutable Since 1990
1) There is always a threat
2) It is always in a direction you’re not looking
3) Perceived risk/threat never equals reality
4) Nothing is ever 100% secure
5) People are always the primary risk
6) Resources are deployed inversely proportional to actual risk
7) You need two security groups - defenders and attackers
8) Security & operational requirements are mutually exclusive
9) Legislation is always > X years behind
106. Security Laws
Immutable Since 1990
10) Security standards are an oxymoron
11) Security people are never their own customer
12) Cracking systems is far more fun than defending them
13) Hackers are smarter than you - they are younger!
14) Hackers are not the biggest threat - governments are!
15) As life becomes faster it becomes less secure
16) Connectivity and data half lives are getting shorter too
17) We are most at risk during a time of transition
18) The weakest link generally defines the outcome
107. Paradox 1
War Games and Defence
“The military play all day and occasionally go to war”
“We are at war every day and never play”
108. Paradox 2
No retaliatory defence
By and large we know who the attackers are and where they reside but opt to do nothing. The enemy have simply adopted our technologies and used them as weapons against us
109. To Survive
We need to become united
“Failure the greatest teacher is”
110. To Survive
We need to become united
Well Funded R&D
Global Sharing Culture
Tools, Tech & Info Sharing
Proactive Defence Strategies
Skills & Expertise Cooperation
Fast to Respond to/Report Threats
Cooperative Creativity
Engage in Workable Legislation
Help Formulate Law Frameworks
Virtualised Every Aspect of Cyber Defence
Formulate a Rapid Attack/Punitive Responses
“The Art of War read you must”
111. C Y B E R C R I M E
A b r i d g e d h i s t o r y a n d c o s t
Banking Malware
Crypto-Currency Attacks
Bitcoin Wallet Stealer
Device & Account Hijacking
Ransomware
EPoS Attack
Fake News
Propaganda
Social Engineering
DoS, DDoS
Infected eMail
Ransomware
Identity Theft
DNS Attack
BotNets
Site Sabotage
SQL Attack
Spam
Identity Theft
Phishing
Trojan
Worms
Virus
[Timeline: 1997, 2004, 2007, 2013, Today]
Estimated >>1000 Bn attacks
Total cost of global cyber crime > $5000 Bn
Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots…
Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span from the dumb and very obvious to the highly sophisticated and hard to detect
112. Cyber Crime
Abridged history and cost
Watch some crime/heist/spy movies, read detective novels, keep up with security developments
To get a grip on deception, read on magic and magicians, watch some related movies
113. Segue: Stuxnet
Sophisticated Intelligent Malware
Targeted Specific Industrial Controller
Only interested in MS OS
Hunter Killer Species
2010 Attack Never Attributed
CIA - Mossad Primary Suspects
General Species for Sale on Dark Web
114. Cyber Attack
Primary Motivations Jan 2019
https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
Prime Motivation
Making $$$$
Prime Motivation
Trade Secrets
Military
Security
Prime Motivation
Political, Commercial and Social Change
Prime Motivation
Domination and TakeOver
116. My Forecast
The number One for 2020
A target rich opportunity:
• A wealthy technophobic organisation and customers
• Processes, protocols and methodologies well known
• Millions of people involved with dispersed offices
• Multiple points of access PSTN, VOIP, Network+
• Staff trained to help customers BIG and small
++++
• Many possible attack modes: Phishing, Whaling, Malware, Man-in-the-Middle, Insider, Contractor, bribery, corruption, coercion
117. Cyber Attackers
Rapidly changing profiles/purposes
Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated Effort
Extremely Profitable
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
Influence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated Effort
Political Influencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation
118. Cyber Attackers
Rapidly changing profiles/purposes
Short Game: Low Gain
Medium Game: Medium Gain
Long Game: Massive Gain
Sophistication, Investment, Complexity, ROI
119. Status Quo
Cyber Crime Economy
Easy Entry 1
Mostly very poor protection
Behind the FireWall in one small step
No Passwords
Easy Passwords
Factory Default
120. Easy Entry 2
Mostly very poor protection
121. Easy Money
Low cost human/robot attacks
122. Phishing
Exponential Growth
Criminals are in a race against security teams looking to shut them down
Security teams report phishing URLs regularly, but some criminals use web hosts/domains that ignore reports
Most kits have a short life, and the phishing window is growing smaller
Highly successful/profitable; and very easy to automate for TXT and speech
123. Phishing
Exponential Growth of Species sees a rapid Shortening Lifetimes
[Chart: cumulative % of kits deactivated (25% to 100%) against days to deactivation (0 to 200)]
124. Phishing
Exponential Innovation
Akamai
126. Defence Industry
When a customer becomes an enemy
Kill Switch
Disable Signal
Destruct Command
Assume Control Portal
Information/Data Gathering
127. Off the Record
Almost nothing is as it appears
128. Malware
A ‘commercial’ sample
Cerber – Malicious email file affecting system OS - steals user’s info to extort money
RaaS – (Ransomware-as-a-Service) Hackers make money by selling/using this product
Emotet – Originally a banking Trojan, but evolved as a full-scale Bot threat.
Botnets – Used for DDOS attacks, SPAM distribution, data stealing, self organising
Crypto-mining Malware – Distributed computing for cryptojacking - using your FLOPs
129. DDoS Types
The main attack characteristics
Volumetric: Consumes network, service, link bandwidth to create congestion/paralysis
TCP State Exhaustion: Kills core routers, firewalls & application servers - services unusable
Application Layer: Target websites, databases & app services. Perhaps the most sophisticated/stealthy - very difficult to detect using common flow-based monitoring
https://www.scss.tcd.ie/publications/theses/diss/2018/TCD-SCSS-DISSERTATION-2018-046.pdf
130. DDoS Deception
Is this the main act - or not?
Not So Obvious: Distraction to conceal more sinister activities?
132. What We Detect
Possibly just the tip of an iceberg!
We need to start looking below the surface of obviousness for the hidden sophistication of the many stealth attacks that we suspect are happening that we cannot see!
Ransomware
Phishing
Crypto-Wallet
DoS/DDoS
SQLi // XSS
Man-in-the-Middle
URL Spoofing
Cloaking
Malware
Covert Plant
Visitors
Insiders
Outsiders
Alongsiders
Customers
Contractors
WiFi
Tunnels
Implants
Malware
Networks
Diversions
Brute Force
Decoys
133. Vital Measures
Minimal to Maximal Security
Physical Security
Strong Passwords
FireWall, PN, VPN
Malware Protection
Strong Encryption
Genera Public Key
Authentication
Certification
(N Factor, M Path)
Penetration Detection at Key Interface Points
Behavioural Analysis of Net, Machines, People
Monitor for all Pre-Cursor Event Indicators
Create/Join Information Sharing Networks across the industry
134. Physical Measures
Minimal to Maximal Security
Secure Entry Site & Building
Duplicated/Triplicated Power/Fibre
Break Free Power with Batteries
Generators
2/3 Utilities
Supply Site
50km from any Airport
135. Vital Measures
The minimal security protection
Common Mode failures
One road in and out is not a good idea!
136. Focused Measures
Technical Security
137. Focused Measures
Technical Security
Air Lock
Strip Down
Authorised Entry Only
General Access
Open
Limited Access
Zoned
Timed
Cameras
Heat Sensors
Motion Sensors
Location Proximity Sensors
Invisible X-X Laser Beams
138. Segue
Stage Left
Off The Record Play Time
I do not recommend you try any of this - it is all a part of my personal mission to make the world a safer place
139. Hobbies !
Weird/Crazy?
- Airline security
- Public targets
- Breaking in
- Social data
++++
140. Tunnel Vision
The attacker's friend
“End running systems is definitely one of my favourites”
142. Careless
London is a safe city!
I was working in London and stopped for a coffee break in Soho…
Soho
143. Careless
London is a safe city!
A smart young man walked in and I spotted his badge!
He sat right in front of me and this is what my mobile phone could see as he booted up!
Coffee Shop Protocol
• Sit as far back from the door as possible; ideally with no one to the rear or the sides
• Check for overhead cameras
• Do not wear identifying insignia of any kind
• Do not boot up to an identifying company, country, government, agency badge
• Check and be aware N, E, S, W
144. LOUD & RUDE
There is always a price to pay !
The group next to my colleague had just chanced upon the perfect name for their new company.
So he bought the domain name and all the variants before they had completed their meeting!
145. Opportunist
Unintended revelations & consequences
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for an undefined meeting
146. Opportunist
Unintended revelations & consequences
TRUTH ENGINES
An End Game Company
Peter Cochrane
Internal Affairs Advisor
DAY 2: Pass Card as a member of staff
147. Opportunist
Unintended revelations & consequences
I Was Invited to Test a Company's Revised Security
My way in was to simply massage my security pass from visitor to employee
I then played the role of an old boy not really up to the modern world of IT and so many wonderfully kind people came forward to help me access networks, rooms and facilities
My secret? Wear a suit and a tie & look very respectable…everyone knows that hackers wear hoodies!
148. GOTO
Resources 4 U
petercochrane.com
Broadcom/Symantec, Crowdstrike
Cisco, IBM
Akamai, Varonis
Gartner, Aon, UKGov DDCMS, MimeCast
BitSight, TrendMicro, FCA, Juniper, RAND, Kaspersky
149. Things that Think want to Link and Things that Link want to Think
FIN - Q&A?
www.petercochrane.com