#INFOSEC HACKATHON FOR JOURNALISTS
#HackForJournalism
09:00 ARRIVAL & REGISTRATIONS
09:15 PLENARY: #INFOSEC FOR JOURNALISTS
10:00 BREAK & COFFEE
10:15 #INFOSEC HACKATHON FOR JOURNALISTS with NE_1
11:15 WRAP-UP & DEBATE
12:00 END
Tanja Drca | CCO at Necunos | Mobile Security Enthusiast, Engineer
@tanjadrca
@necunoscom
WELCOME TO THE ERA OF THE HIGHLY RESOURCED MOBILE INFRASTRUCTURE ATTACKS
Tanja Drca | Necunos | @tanjadrca
INTRODUCING THE MOST SOPHISTICATED SPYWARE EVER KNOWN: PEGASUS.
Material based on:
1. Pegasus Product Description by the vendor company NSO Group, sent via email to the Italian surveillance malware vendor Hacking Team. The leaked email, with the attached file, was released on WikiLeaks on July 8th 2015 along with more than 1 million other emails from Hacking Team.
2. The Citizen Lab 'Targeted Threats' research, a 10-part series of reports on the abuse of NSO Group's spyware. Referenced materials are collected from published reports on The Citizen Lab's web page.
3. Lookout, Technical Analysis of Pegasus Spyware: An Investigation Into Highly Sophisticated Espionage Software.
Characteristics described in these materials:
- Range-free installation
- No phishing needed
- Impossible to detect by target
- Self-destructive
- Full data collection
- Resilient to the 'burner' method
INTRODUCING THE MOST SOPHISTICATED SPYWARE EVER KNOWN: PEGASUS.
Material: 8, 9
- Born in 2009 in UAE
- No phishing needed
- Used an undisclosed vulnerability in Apple's iMessage software
- In 2016-2017 used against hundreds of targets across the Middle East
- Used by project "Raven" according to Reuters Investigates, on Jan 30th
HAS A "LITTLE SISTER": KARMA
Used by UAE's Project "Raven" according to Reuters Investigates, published on Jan 30th.
Reported targets included:
- "The Iron Woman of Yemen", Tawakkol Karman
- Qatar's Emir Sheikh Tamim bin Hamad al-Thani
- Hundreds of prominent Middle East political figures and activists across the region and, in some cases, Europe
SHARE KNOWLEDGE AND EXPERIENCE, DEBATE, ANALYZE, LEARN, HACK
09:15 PLENARY: #INFOSEC FOR JOURNALISTS
09:25 What is FOSS (Free and Open Source Software) and why is it important for journalists?
09:40 Security tools that you use today and why they aren't enough, with the Perugia Principles
09:50 The Necunos solution is simple, powerful and extremely hard to make.
WHAT IS FOSS?
FREE AND OPEN SOURCE SOFTWARE - OR HARDWARE
FREE AS IN FREEDOM (FSF.ORG)
WE ARE FREE TO:
- Access the source code
- Run the program as we wish, for any purpose
- Study and change how the program works
- Redistribute copies of the original, or modified versions.
The term "free" indicates that the software does not have constraints on copyrights.
FOSS != OPEN SOURCE
Source code is released under a license in which the copyright holder grants us the rights to..
FOSS BENEFITS:
- Personal control, customization and freedom
- Privacy and security
- Low costs or no costs
- Quality, collaboration and efficiency
Open Source-based: Android and WordPress
PROPRIETARY, CLOSED SYSTEMS
Prohibit users from studying, changing and sharing the software with others.
- Licenses
- Closed code
- 3rd party corporations
SO, WHY SHOULD YOU CARE? (WHY) IS FOSS IMPORTANT FOR JOURNALISTS?
- FOSS represents the 'civil rights' of the tech world
- It allows us to create transparent, secure tools which are not controlled by large corporations and their interests.
- It supports collaboration, freedom of speech and knowledge
SECURITY TOOLS JOURNALISTS USE TODAY AND WHY THEY ALONE AREN'T ENOUGH
ENCRYPTION: chats, emails, instant messaging, hard drive.
- Technical limitations: key management in memory; encryption != anonymity; metadata not encrypted
- Operational limitations: usability issues; digital divide
ANONYMITY: TOR, SecureDrop, Tails
- Technical and operational limitations: web vulnerabilities; execution on mobile devices; source verification; usability issues; interference with journalism
NON-TECHNICAL STRATEGIES: face-to-face, not using smart devices
- Technical limitations: no technology != safe from it; time limit?
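To make the "metadata not encrypted" and "encryption != anonymity" points concrete, here is an added example in Python (not from the slides or from Necunos): a constructed envelope format that encrypts only the message body, a toy one-time-pad standing in for a real cipher, and an observer that, holding no key at all, still recovers who talks to whom, when, and how much. Length-hiding padding removes only the last of those; the names, timestamps and messages are all constructed.

```python
"""Encryption alone is not anonymity: what a body-only encrypted envelope
still reveals. Added example, not from the slides. The envelope format, the
names and the conversation below are constructed for illustration."""
import secrets
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

BLOCK = 256  # padding granularity in bytes (assumption for this demo)


@dataclass(frozen=True)
class Envelope:
    sender: str      # plaintext header: who sent it
    recipient: str   # plaintext header: to whom
    timestamp: int   # plaintext header: when (constructed Unix time)
    body: bytes      # ciphertext: the only field the key protects


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time-pad XOR used as a stand-in for a real cipher so the example
    needs only the standard library. Encrypt and decrypt are the same op.
    The key must be at least as long as the data and never reused."""
    if len(key) < len(plaintext):
        raise ValueError("pad shorter than data")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def pad_to_block(plaintext: bytes, block: int = BLOCK) -> bytes:
    """Length-hiding padding: 2-byte length prefix, then zero fill so the
    result is a multiple of `block`. Hides message length, not who/when."""
    framed = len(plaintext).to_bytes(2, "big") + plaintext
    return framed + b"\x00" * ((-len(framed)) % block)


def unpad(padded: bytes) -> bytes:
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


# Constructed conversation: (sender, recipient, unix time, message)
CONVERSATION: List[Tuple[str, str, int, bytes]] = [
    ("reporter", "source", 1_550_000_000, b"can we talk?"),
    ("source", "reporter", 1_550_000_120, b"yes"),
    ("reporter", "source", 1_550_000_300, b"send the memo when safe"),
    ("source", "reporter", 1_550_003_600, b"attached: 3 pages, board minutes, Q4"),
]


def build_envelopes(conv, keys, padded: bool) -> List[Envelope]:
    """Encrypt each body with its own key; the headers stay in the clear."""
    out = []
    for (snd, rcp, ts, msg), key in zip(conv, keys):
        data = pad_to_block(msg) if padded else msg
        out.append(Envelope(snd, rcp, ts, toy_encrypt(key, data)))
    return out


def observe(envelopes: List[Envelope]) -> dict:
    """Everything a network or server-side observer learns WITHOUT any key."""
    return {
        "who_talks_to_whom": Counter((e.sender, e.recipient) for e in envelopes),
        "when": [e.timestamp for e in envelopes],
        "body_sizes": [len(e.body) for e in envelopes],
    }


def demo(padded: bool) -> dict:
    """Run the conversation with or without padding and return the
    observer's view plus a key-holder round-trip check."""
    keys = [secrets.token_bytes(BLOCK + 2) for _ in CONVERSATION]
    envs = build_envelopes(CONVERSATION, keys, padded)
    view = observe(envs)
    recovered = [toy_encrypt(k, e.body) for k, e in zip(keys, envs)]
    if padded:
        recovered = [unpad(r) for r in recovered]
    view["roundtrip_ok"] = recovered == [m for _, _, _, m in CONVERSATION]
    return view


if __name__ == "__main__":
    for padded in (False, True):
        v = demo(padded)
        print("padded" if padded else "unpadded",
              dict(v["who_talks_to_whom"]), v["body_sizes"], v["when"])
```

In both runs the contact graph and timing are identical; padding only flattens the sizes to 256 bytes. Hiding the sender/recipient pair is what the anonymity tools on this slide (TOR, SecureDrop, Tails) exist for.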
FORBIDDEN STORIES AND THE DAPHNE PROJECT
FROM TRAGEDY TO ACTION
Blueprint for Free Speech has launched a new report outlining how journalists can work responsibly to safeguard whistleblowers.
https://blueprintforfreespeech.net/
12 PRINCIPLES FOR WORKING WITH WHISTLEBLOWERS IN THE DIGITAL AGE
ARE JOURNALISTS FUTURE #INFOSEC PROFESSIONALS?
#2 Provide safe ways for sources to make 'first contact' with you, where possible.
#3 Take responsibility for your digital defense and use encryption. Even though encryption may not completely defend your source, it offers important first-line protection.
- What are your other options? What's second-line protection? Is security source-driven?
#7 Explain the risks of digital exposure.. ..train your whistleblowers in basic digital security.
- How big is your overall picture of digital security?
#10 ..ensure any digital drop boxes for confidential sources and whistleblowers.. ..offer a good level of security, and, for higher-risk materials, anonymity.
- Technical skills? Good level in security IRL vs. online
#INFOSEC HACKATHON FOR JOURNALISTS
What makes these known spyware tools so powerful also makes them weak.
Duopoly: iOS and Android
- Proprietary software
- Firmware
- Cellular modem
- 'Under the hood' = same chips and components under different brands
Linux-based free and open software
- Firmware in the WiFi chip, not accessible to the memory
- No cellular modem (the weakest link)
- Available source code and documentation about the components
SOLUTION PROPOSAL BY NECUNOS
Instead of developing security solutions on top of the rotten platforms, let's start from the beginning.
- Clean hardware and software: transparent, verifiable, auditable, open.
- Security tools by default: extreme security in a user-friendly package.
- Custom OS: usability is crucial, we need your help.
#INFOSEC HACKATHON FOR JOURNALISTS WITH NC_1
#HackForJournalism
Small groups: choose between an awareness session and a hands-on session
1. I have "NO SECRETS", why do I need #infosec? (awareness, hands on)
2. I need security beyond 'basics'. Let's hack together (hack session)
1. I HAVE "NO SECRETS", WHY DO I NEED #INFOSEC? (AWARENESS)
1. Question form
- Google Forms, do it anonymously
- link: https://goo.gl/forms/EHc6xa36TXkCF0xL2
2. Discussion: does 'no secrets' mean you shouldn't have privacy?
3. Who owns your nudes? Cloud services. Go through the terms of service of your cloud provider. Explain to us who owns your documents.
2. I NEED SECURITY BEYOND 'BASICS'. LET'S HACK TOGETHER (HACK SESSION, HANDS ON)
1. Question form
- Google Forms, do it anonymously
- link: https://goo.gl/forms/EHc6xa36TXkCF0xL2
2. Design
- What Necunos can provide
- What do you need? What's crucial? What's missing now?
3. From idea to product
- How can we ensure usability?
- Funding and operation

Mobile #Infosec hackathon for journalists(2)
