SLIDE 1
Lessons from “the Snowden Affair”
September 2014
@haroonmeer
Lessons from the Snowden Affair @haroonmeer September 2014 What - - PowerPoint PPT Presentation
Lessons from the Snowden Affair @haroonmeer September 2014 What - - PowerPoint PPT Presentation
Lessons from the Snowden Affair @haroonmeer September 2014 What this talk is not IT DOESNT MATTER BUGSY CRISSCROSS A-PLUS GUMFISH LFS-2 BULLRUN DYNAMO CROSSBEAM ACRIDMINI GURKHASSWORD LHR BULLSEYE EBSR CROSSEYEDSLOTH
SLIDE 2
SLIDE 3
SLIDE 4
What this talk is not
SLIDE 5
SLIDE 6
IT DOESN’T MATTER
SLIDE 7
A-PLUS ACRIDMINI AGILEVIEW AGILITY AIGHANDLER AIRBAG AIRGAP/COZEN AIRWOLF ALLIUMARCH ALTEREGOQFD ANCESTRY ANCHORY ANTICRISISGIRL ANTOLPPROTOSSGUI APERTURESCIENCE AQUADOR ARTEMIS ARTIFICE ASPHALT ASSOCIATION ASTRALPROJECTION AUTOSOURCE AXLEGREASE BABYLON BALLOONKNOT BANYAN BEARSCRAPE BEARTRAP BELLTOPPER BERRYTWISTER BERRYTWISTER+ BINOCULAR BIRDSONG BIRDSTRIKE BLACKHEART BLACKPEARL BLARNEY BLUEANCHOR BLUEZEPHYR BOMBAYROLL BOTANICREALTY BOUNDLESSINFORMANT BRANDYSNAP BUGSY BULLRUN BULLSEYE BUMBLEBEEDANCE BYSTANDER BYZANTINEANCHOR BYZANTINEHADES CADENCE CANDYGRAM CANNONLIGHT CAPTIVATEDAUDIENCE CARBOY CASPORT CASTANET CCDP CDRDIODE CERBERUS CERBERUSSTATISTICSCOLLECTION CHALKFUN CHANGELING CHAOSOVERLORD CHASEFALCON CHEWSTICK CHIPPEWA CHOCOLATESHIP CIMBRI CINEPLEX COASTLINE COBALTFALCON CONDUIT CONJECTURE CONTRAOCTAVE CONVEYANCE CORALINE CORALREEF COTRAVELER OCTSKYWARD OILSTOCK OLYMPIA OMNIGAT ONEROOF ONIONBREATH OPTICNERVE ORANGEBLOSSOM CRISSCROSS CROSSBEAM CROSSEYEDSLOTH CRUMPET CRYOSTAT CRYPTOENABLED CULTWEAVE CUSTOMS CYBERCOMMANDCONSOLE CYCLONE DANCINGBEAR DANCINGOASIS DAREDEVIL DARKFIRE DARKQUEST DARKTHUNDER
- DEADPOOL
DEVILSHANDSHAKE DIALD DIKTER DIRTYEVIL DISCOROUTE DISHFIRE DISTANTFOCUS DISTILLERY DIVERSITY DOCKETDICTATE DOGCOLLAR DOGHANDLER DRAGGABLEKITTEN DRAGON'SSHOUT DROPMIRE DRTBOX DRUID PACKAGEGOODS PANOPLY PARCHDUSK PATHFINDER PBX PHOTONTORPEDO PICASSO PINWALE DYNAMO EBSR EDGEHILL EINSTEIN ELATE ELEGANTCHAOS ENDUE ENTOURAGE EVENINGEASEL EVILOLIVE EWALK EXCALIBUR EXPOW FACELIFT FAIRVIEW FALLOUT FASCIA FASHIONCLEFT FASTSCOPE FATYAK FET FISHBOWL FOGGYBOTTOM FORESTWARRIOR FOXACID FOXSEARCH FOXTRAIL FRA FREEFLOW FREEZEPOST FRONTO FRUITBOWL FUNNELOUT FUSEWIRE GALAXY GAMUT GARLICK GENESIS GENTE GEOFUSION GHOSTMACHINE GILGAMESH GLASSBACK GUMFISH GURKHASSWORD HACIENDA HAMMERMILL HAPPYFOOT HAWKEYE HC12 HEADMOVIES HIGHCASTLE HIGHLANDS HIGHTIDE HOLLOWPOINT HOMEBASE HOMEPORTAL HOMINGPIGEON HUSHPUPPY HUSK IBIS ICE ICREACH ICREAST IMP INCENSER INDRA INSPECTOR INTELINK INTERQUAKE IRONSAND ISHTAR JACKKNIFE JAZZFUSION JAZZFUSION+ JEDI JEEPFLEA JILES JTRIG JTRIGRADIANTSPLENDOUR JUGGERNAUT KAMPUS KEYRUT KOALAPUNCH LADYLOVE LANDINGPARTY LFS-2 LHR LIFESAVER LITHIUM LOCKSTOCK LONGHAUL LONGRUN LONGSHOT LOPERS LUMP LUTEUSICARUS MADCAPOCELOT MAGNETIC MAGNUMOPUS MAINCORE MAINWAY MARINA MAUI MESSIAH METROTUBE METTLESOME MINERALIZE MINIATUREHERO MIRAGE MIRROR MOBILEHOOVER MONKEYROCKET MONSTERMIND MOONLIGHTPATH MOONPENNY MOUTH MTI MUGSHOT MURPHYSLAW MUSCULAR MUSKETEER MUSTANG MUTANTBROTH MYSTIC NAMEJACKER NCSC NEBULA NEVIS
SLIDE 8
What do we learn from it ?
SLIDE 9
What should we do differently?
SLIDE 10
Caveat: It’s a short talk
SLIDE 11
Best begin at..
SLIDE 12
http://www.theguardian.com/world/2013/jun/06/nsa- phone-records-verizon-court-order
SLIDE 13
http://www.washingtonpost.com/investigations/us-intelligence-mining-data- from-nine-us-internet-companies-in-broad-secret-program/ 2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
SLIDE 14
The extent of the leak?
SLIDE 15
SLIDE 16
How many documents?
SLIDE 17
http://www.reuters.com/article/2013/11/14/us-usa-security-nsa- idUSBRE9AD19B20131114
SLIDE 18
http://www.reuters.com/article/2013/11/14/us-usa-security-nsa-idUSBRE9AD19B20131114
SLIDE 19
http://world.time.com/2013/10/14/greenwald-on-snowden-leaks-the-worst-is-yet-to-come/
SLIDE 20
http://www.bbc.com/news/uk-25205846
SLIDE 21
SLIDE 22
They had no idea what he had
SLIDE 23
Would You ?
SLIDE 24
Are your execs properly trained ?
SLIDE 25
http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks
SLIDE 26
http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks
SLIDE 27
http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits
SLIDE 28
http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits
SLIDE 29
Attackers like that don’t care about me / us
SLIDE 30
http://www.spiegel.de/international/europe/british-spy-agency- gchq-hacked-belgian-telecoms-firm-a-923406.html
SLIDE 31
https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/
SLIDE 32
https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/
SLIDE 33
https://firstlook.org/theintercept/2014/09/14/nsa-stellar/
SLIDE 34
http://www.spiegel.de/international/world/snowden- documents-indicate-nsa-has-breached-deutsche- telekom-a-991503.html
SLIDE 35
These guys were collateral damage
SLIDE 36
Does collaboration protect you from getting hacked?
SLIDE 37
SLIDE 38
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/ 2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
SLIDE 39
How many times were they spotted ?
SLIDE 40
Complete failure of detection & compartmentalisation
SLIDE 41
http://www.verizonenterprise.com/DBIR/
SLIDE 42
The good news is…
SLIDE 43
Do sophisticated attackers exist ?
SLIDE 44
not estonia not headline sophisticated
SLIDE 45
not estonia
SLIDE 46
http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html
SLIDE 47
http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html
SLIDE 48
Do sophisticated attackers exist ?
SLIDE 49
This is profoundly important
SLIDE 50
Anti Virus Device Based Security Pen Tests
SLIDE 51
we said victory accomplished
SLIDE 52
Device based Security
SLIDE 53
Anti Virus
http://www.wired.com/2012/06/internet-security-fail/
SLIDE 54
Anti Virus
http://www.wired.com/2012/06/internet-security-fail/
SLIDE 55
Pen Tests
http://blog.thinkst.com/2012/03/penetration-testing-considered-harmful.html
SLIDE 56
We are not modelling the right threats
SLIDE 57
Were all the attacks novel?
SLIDE 58
Nope.. Not even the ANT stuff
SLIDE 59
Many of these techniques were previously demonstrated
SLIDE 60
SLIDE 61
Why didn't you know about them?
SLIDE 62
talk graph - tscapes Q2 - 116 Security Events 257 conference days
SLIDE 63
http://thinkst.com/ts/free
SLIDE 64
Will the leaks make things better or worse?
SLIDE 65
Intelligence reforms may or may not happen..
- but, from the point of view of
sophisticated attacks
SLIDE 66
Courage is Contagious
SLIDE 67
life imitates..
SLIDE 68
Caveat
SLIDE 69
This doesn’t apply to everyone!
SLIDE 70
biggest mistake is thinking you are all the same..
http://blog.thinkst.com/2013/01/your-companies-security-posture-is.html
SLIDE 71
Summary
- If everything is important, nothing is
important
- Your execs need training!
- Sophisticated attackers do exist
- It’s obvious the emperor has no clothes.
- Things are going to get a lot worse for a
bit
SLIDE 72
Summary of Summary
Understand your threat model Understand the space
SLIDE 73