Lessons from “the Snowden Affair”

@haroonmeer September 2014

What this talk is not

IT DOESN’T MATTER

CREST BUGSY CRISSCROSS A-PLUS BULLRUN DYNAMO GUMFISH LFS-2 CROSSBEAM ACRIDMINI BULLSEYE EBSR GURKHASSWORD LHR CROSSEYEDSLOTH AGILEVIEW BUMBLEBEEDANCE EDGEHILL HACIENDA LIFESAVER CRUMPET AGILITY BYSTANDER EINSTEIN HAMMERMILL LITHIUM CRYOSTAT AIGHANDLER BYZANTINEANCHOR ELATE HAPPYFOOT LOCKSTOCK CRYPTOENABLED AIRBAG BYZANTINEHADES ELEGANTCHAOS HAWKEYE LONGHAUL CULTWEAVE AIRGAP/COZEN CADENCE ENDUE HC12 LONGRUN CUSTOMS AIRWOLF CANDYGRAM ENTOURAGE HEADMOVIES LONGSHOT CYBERCOMMANDCONSOLE ALLIUMARCH CANNONLIGHT EVENINGEASEL HIGHCASTLE LOPERS CYCLONE ALTEREGOQFD CAPTIVATEDAUDIENCE EVILOLIVE HIGHLANDS LUMP DANCINGBEAR ANCESTRY CARBOY EWALK HIGHTIDE LUTEUSICARUS DANCINGOASIS ANCHORY CASPORT EXCALIBUR HOLLOWPOINT MADCAPOCELOT DAREDEVIL ANTICRISISGIRL CASTANET EXPOW HOMEBASE MAGNETIC DARKFIRE ANTOLPPROTOSSGUI CCDP FACELIFT HOMEPORTAL MAGNUMOPUS DARKQUEST APERTURESCIENCE CDRDIODE FAIRVIEW HOMINGPIGEON MAINCORE DARKTHUNDER AQUADOR CERBERUS FALLOUT HUSHPUPPY MAINWAY ARTEMIS CERBERUSSTATISTICSCOLLECTION FASCIA HUSK MARINA DEADPOOL ARTIFICE CHALKFUN FASHIONCLEFT IBIS MAUI DEVILSHANDSHAKE ASPHALT CHANGELING FASTSCOPE ICE MESSIAH DIALD ASSOCIATION CHAOSOVERLORD FATYAK ICREACH METROTUBE DIKTER ASTRALPROJECTION CHASEFALCON FET ICREAST METTLESOME DIRTYEVIL AUTOSOURCE CHEWSTICK FISHBOWL IMP MINERALIZE DISCOROUTE AXLEGREASE CHIPPEWA FOGGYBOTTOM INCENSER MINIATUREHERO BABYLON CHOCOLATESHIP FORESTWARRIOR INDRA MIRAGE DISTANTFOCUS BALLOONKNOT CIMBRI FOXACID INSPECTOR MIRROR DISTILLERY BANYAN CINEPLEX FOXSEARCH INTELINK MOBILEHOOVER DIVERSITY BEARSCRAPE COASTLINE FOXTRAIL INTERQUAKE MONKEYROCKET DOCKETDICTATE BEARTRAP COBALTFALCON FRA IRONSAND MONSTERMIND DOGCOLLAR BELLTOPPER CONDUIT FREEFLOW ISHTAR MOONLIGHTPATH DOGHANDLER BERRYTWISTER CONJECTURE FREEZEPOST JACKKNIFE MOONPENNY DRAGGABLEKITTEN BERRYTWISTER+ CONTRAOCTAVE FRONTO JAZZFUSION MOUTH DRAGON'SSHOUT BINOCULAR CONVEYANCE FRUITBOWL JAZZFUSION+ MTI BIRDSONG CORALINE FUNNELOUT JEDI MUGSHOT DRTBOX BIRDSTRIKE CORALREEF FUSEWIRE JEEPFLEA MURPHYSLAW DRUID BLACKHEART COTRAVELER GALAXY JILES MUSCULAR PACKAGEGOODS BLACKPEARL OCTSKYWARD GAMUT JTRIG MUSKETEER PANOPLY BLARNEY OILSTOCK GARLICK JTRIGRADIANTSPLENDOURMUSTANG PARCHDUSK BLUEANCHOR OLYMPIA GENESIS JUGGERNAUT MUTANTBROTH PATHFINDER BLUEZEPHYR OMNIGAT GENTE KAMPUS MYSTIC PBX BOMBAYROLL ONEROOF GEOFUSION KEYRUT NAMEJACKER PHOTONTORPEDO BOTANICREALTY ONIONBREATH GHOSTMACHINE KOALAPUNCH NCSC PICASSO BOUNDLESSINFORMANTOPTICNERVE GILGAMESH LADYLOVE NEBULA BRANDYSNAP ORANGEBLOSSOM GLASSBACK LANDINGPARTY NEVIS

What do we learn from it?
What should we do differently?

Caveat: It’s a short talk

Best begin at..
http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order
http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html

The extent of the leak?

How many documents?
http://www.reuters.com/article/2013/11/14/us-usa-security-nsa-idUSBRE9AD19B20131114
http://world.time.com/2013/10/14/greenwald-on-snowden-leaks-the-worst-is-yet-to-come/
http://www.bbc.com/news/uk-25205846

They had no idea what he had
Would You?

Are your execs properly trained?
http://www.theguardian.com/environment/2014/jan/30/snowden-nsa-spying-copenhagen-climate-talks
http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits

Attackers like that don’t care about me / us
http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html
https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian-cryptographer-report/
https://firstlook.org/theintercept/2014/09/14/nsa-stellar/
http://www.spiegel.de/international/world/snowden-documents-indicate-nsa-has-breached-deutsche-telekom-a-991503.html

These guys were collateral damage

Does collaboration protect you from getting hacked?
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

How many times were they spotted?
Complete failure of detection & compartmentalisation
http://www.verizonenterprise.com/DBIR/

The good news is…

Do sophisticated attackers exist?
not estonia

not headline sophisticated
not estonia
http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html

Do sophisticated attackers exist?
This is profoundly important

Device Based Security
Anti Virus
Pen Tests
we said victory accomplished

Device based Security

Anti Virus
http://www.wired.com/2012/06/internet-security-fail/

Pen Tests
http://blog.thinkst.com/2012/03/penetration-testing-considered-harmful.html

We are not modelling the right threats

Were all the attacks novel?
Nope.. Not even the ANT stuff
Many of these techniques were previously demonstrated

Why didn't you know about them?

talk graph - tscapes

Q2 - 116 Security Events
257 conference days
http://thinkst.com/ts/free

Will the leaks make things better or worse?

Intelligence reforms may or may not happen..

but, from the point of view of sophisticated attacks

Courage is Contagious

life imitates..

Caveat
This doesn’t apply to everyone!
biggest mistake is thinking you are all the same..

http://blog.thinkst.com/2013/01/your-companies-security-posture-is.html

Summary

• If everything is important, nothing is important
• Your execs need training!
• Sophisticated attackers do exist
• It’s obvious the emperor has no clothes.
• Things are going to get a lot worse for a bit

Summary of Summary

Understand your threat model
Understand the space

@haroonmeer
http://thinkst.com/ts/free