The Snowden Affair”
Total Page:16
File Type:pdf, Size:1020Kb
Lessons from “the Snowden Affair” @haroonmeer September 2014 What this talk is not IT DOESN’T MATTER CREST BUGSY CRISSCROSS A-PLUS BULLRUN DYNAMO GUMFISH LFS-2 CROSSBEAM ACRIDMINI BULLSEYE EBSR GURKHASSWORD LHR CROSSEYEDSLOTH AGILEVIEW BUMBLEBEEDANCE EDGEHILL HACIENDA LIFESAVER CRUMPET AGILITY BYSTANDER EINSTEIN HAMMERMILL LITHIUM CRYOSTAT AIGHANDLER BYZANTINEANCHOR ELATE HAPPYFOOT LOCKSTOCK CRYPTOENABLED AIRBAG BYZANTINEHADES ELEGANTCHAOS HAWKEYE LONGHAUL CULTWEAVE AIRGAP/COZEN CADENCE ENDUE HC12 LONGRUN CUSTOMS AIRWOLF CANDYGRAM ENTOURAGE HEADMOVIES LONGSHOT CYBERCOMMANDCONSOLE ALLIUMARCH CANNONLIGHT EVENINGEASEL HIGHCASTLE LOPERS CYCLONE ALTEREGOQFD CAPTIVATEDAUDIENCE EVILOLIVE HIGHLANDS LUMP DANCINGBEAR ANCESTRY CARBOY EWALK HIGHTIDE LUTEUSICARUS DANCINGOASIS ANCHORY CASPORT EXCALIBUR HOLLOWPOINT MADCAPOCELOT DAREDEVIL ANTICRISISGIRL CASTANET EXPOW HOMEBASE MAGNETIC DARKFIRE ANTOLPPROTOSSGUI CCDP FACELIFT HOMEPORTAL MAGNUMOPUS DARKQUEST APERTURESCIENCE CDRDIODE FAIRVIEW HOMINGPIGEON MAINCORE DARKTHUNDER AQUADOR CERBERUS FALLOUT HUSHPUPPY MAINWAY ARTEMIS CERBERUSSTATISTICSCOLLECTION! FASCIA HUSK MARINA DEADPOOL ARTIFICE CHALKFUN FASHIONCLEFT IBIS MAUI DEVILSHANDSHAKE ASPHALT CHANGELING FASTSCOPE ICE MESSIAH DIALD ASSOCIATION CHAOSOVERLORD FATYAK ICREACH METROTUBE DIKTER ASTRALPROJECTION CHASEFALCON FET ICREAST METTLESOME DIRTYEVIL AUTOSOURCE CHEWSTICK FISHBOWL IMP MINERALIZE DISCOROUTE AXLEGREASE CHIPPEWA FOGGYBOTTOM INCENSER MINIATUREHERO DISHFIRE BABYLON CHOCOLATESHIP FORESTWARRIOR INDRA MIRAGE DISTANTFOCUS BALLOONKNOT CIMBRI FOXACID INSPECTOR MIRROR DISTILLERY BANYAN CINEPLEX FOXSEARCH INTELINK MOBILEHOOVER DIVERSITY BEARSCRAPE COASTLINE FOXTRAIL INTERQUAKE MONKEYROCKET DOCKETDICTATE BEARTRAP COBALTFALCON FRA IRONSAND MONSTERMIND DOGCOLLAR BELLTOPPER CONDUIT FREEFLOW ISHTAR MOONLIGHTPATH DOGHANDLER BERRYTWISTER CONJECTURE FREEZEPOST JACKKNIFE MOONPENNY DRAGGABLEKITTEN BERRYTWISTER+ CONTRAOCTAVE FRONTO JAZZFUSION MOUTH DRAGON'SSHOUT BINOCULAR CONVEYANCE FRUITBOWL JAZZFUSION+ MTI DROPMIRE BIRDSONG CORALINE FUNNELOUT JEDI MUGSHOT DRTBOX BIRDSTRIKE CORALREEF FUSEWIRE JEEPFLEA MURPHYSLAW DRUID BLACKHEART COTRAVELER GALAXY JILES MUSCULAR PACKAGEGOODS BLACKPEARL OCTSKYWARD GAMUT JTRIG MUSKETEER PANOPLY BLARNEY OILSTOCK GARLICK JTRIGRADIANTSPLENDOURMUSTANG PARCHDUSK BLUEANCHOR OLYMPIA GENESIS JUGGERNAUT MUTANTBROTH PATHFINDER BLUEZEPHYR OMNIGAT GENTE KAMPUS MYSTIC PBX BOMBAYROLL ONEROOF GEOFUSION KEYRUT NAMEJACKER PHOTONTORPEDO BOTANICREALTY ONIONBREATH GHOSTMACHINE KOALAPUNCH NCSC PICASSO BOUNDLESSINFORMANTOPTICNERVE GILGAMESH LADYLOVE NEBULA PINWALE BRANDYSNAP ORANGEBLOSSOM GLASSBACK LANDINGPARTY NEVIS What do we learn from it ? What should we do differently? Caveat: It’s a short talk Best begin at.. http://www.theguardian.com/world/2013/jun/06/nsa- phone-records-verizon-court-order http://www.washingtonpost.com/investigations/us-intelligence-mining-data- from-nine-us-internet-companies-in-broad-secret-program/ 2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html The extent of the leak? How many documents? http://www.reuters.com/article/2013/11/14/us-usa-security-nsa- idUSBRE9AD19B20131114 http://www.reuters.com/article/2013/11/14/us-usa-security-nsa-idUSBRE9AD19B20131114 http://world.time.com/2013/10/14/greenwald-on-snowden-leaks-the-worst-is-yet-to-come/ http://www.bbc.com/news/uk-25205846 They had no idea what he had Would You ? Are your execs properly trained ? http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits Attackers like that don’t care about me / us http://www.spiegel.de/international/europe/british-spy-agency- gchq-hacked-belgian-telecoms-firm-a-923406.html https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/ https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/ https://firstlook.org/theintercept/2014/09/14/nsa-stellar/ http://www.spiegel.de/international/world/snowden- documents-indicate-nsa-has-breached-deutsche- telekom-a-991503.html These guys were collateral damage Does collaboration protect you from getting hacked? http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/ 2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html How many times were they spotted ? Complete failure of detection & compartmentalisation http://www.verizonenterprise.com/DBIR/ The good news is… Do sophisticated attackers exist ? not estonia not headline sophisticated not estonia http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html Do sophisticated attackers exist ? This is profoundly important Device Based Security Anti Virus Pen Tests we said victory accomplished Device based Security Anti Virus http://www.wired.com/2012/06/internet-security-fail/ Anti Virus http://www.wired.com/2012/06/internet-security-fail/ Pen Tests http://blog.thinkst.com/2012/03/penetration-testing-considered-harmful.html We are not modelling the right threats Were all the attacks novel? Nope.. Not even the ANT stuff Many of these techniques were previously demonstrated Why didn't you know about them? talk graph - tscapes Q2 - 116 Security Events 257 conference days http://thinkst.com/ts/free Will the leaks make things better or worse? Intelligence reforms may or may not happen.. ! but, from the point of view of sophisticated attacks Courage is Contagious life imitates.. Caveat This doesn’t apply to everyone! biggest mistake is thinking you are all the same.. http://blog.thinkst.com/2013/01/your-companies-security-posture-is.html Summary • If everything is important, nothing is important • Your execs need training! • Sophisticated attackers do exist • It’s obvious the emperor has no clothes. • Things are going to get a lot worse for a bit Summary of Summary Understand your threat model Understand the space @haroonmeer http://thinkst.com/ts/free.