lessons from the snowden affair
play

Lessons from the Snowden Affair @haroonmeer September 2014 What - PowerPoint PPT Presentation

Mar 10, 2024 •833 likes •1.58k views

Lessons from the Snowden Affair @haroonmeer September 2014 What this talk is not IT DOESNT MATTER BUGSY CRISSCROSS A-PLUS GUMFISH LFS-2 BULLRUN DYNAMO CROSSBEAM ACRIDMINI GURKHASSWORD LHR BULLSEYE EBSR CROSSEYEDSLOTH

  1. Lessons from “the Snowden Affair” @haroonmeer September 2014

  4. What this talk is not

  6. IT DOESN’T MATTER

  7. BUGSY CRISSCROSS A-PLUS GUMFISH LFS-2 BULLRUN DYNAMO CROSSBEAM ACRIDMINI GURKHASSWORD LHR BULLSEYE EBSR CROSSEYEDSLOTH AGILEVIEW HACIENDA LIFESAVER BUMBLEBEEDANCE EDGEHILL CRUMPET AGILITY HAMMERMILL LITHIUM BYSTANDER EINSTEIN CRYOSTAT AIGHANDLER HAPPYFOOT LOCKSTOCK BYZANTINEANCHOR ELATE CRYPTOENABLED AIRBAG HAWKEYE LONGHAUL BYZANTINEHADES ELEGANTCHAOS CULTWEAVE AIRGAP/COZEN HC12 LONGRUN CADENCE ENDUE CUSTOMS AIRWOLF HEADMOVIES LONGSHOT CANDYGRAM ENTOURAGE CYBERCOMMANDCONSOLE ALLIUMARCH HIGHCASTLE LOPERS CANNONLIGHT EVENINGEASEL CYCLONE ALTEREGOQFD HIGHLANDS LUMP CAPTIVATEDAUDIENCE EVILOLIVE DANCINGBEAR ANCESTRY HIGHTIDE LUTEUSICARUS CARBOY EWALK DANCINGOASIS ANCHORY HOLLOWPOINT MADCAPOCELOT CASPORT EXCALIBUR DAREDEVIL ANTICRISISGIRL HOMEBASE MAGNETIC CASTANET EXPOW DARKFIRE ANTOLPPROTOSSGUI HOMEPORTAL MAGNUMOPUS CCDP FACELIFT DARKQUEST APERTURESCIENCE HOMINGPIGEON MAINCORE CDRDIODE FAIRVIEW DARKTHUNDER AQUADOR HUSHPUPPY MAINWAY CERBERUS FALLOUT � ARTEMIS HUSK MARINA CERBERUSSTATISTICSCOLLECTION FASCIA DEADPOOL ARTIFICE IBIS MAUI CHALKFUN FASHIONCLEFT DEVILSHANDSHAKE ASPHALT ICE MESSIAH CHANGELING FASTSCOPE DIALD ASSOCIATION ICREACH METROTUBE CHAOSOVERLORD FATYAK DIKTER ASTRALPROJECTION ICREAST METTLESOME CHASEFALCON FET DIRTYEVIL AUTOSOURCE IMP MINERALIZE CHEWSTICK FISHBOWL DISCOROUTE AXLEGREASE INCENSER MINIATUREHERO CHIPPEWA FOGGYBOTTOM DISHFIRE BABYLON INDRA MIRAGE CHOCOLATESHIP FORESTWARRIOR DISTANTFOCUS BALLOONKNOT INSPECTOR MIRROR CIMBRI FOXACID DISTILLERY BANYAN INTELINK MOBILEHOOVER CINEPLEX FOXSEARCH DIVERSITY BEARSCRAPE INTERQUAKE MONKEYROCKET COASTLINE FOXTRAIL DOCKETDICTATE BEARTRAP IRONSAND MONSTERMIND COBALTFALCON FRA DOGCOLLAR BELLTOPPER ISHTAR MOONLIGHTPATH CONDUIT FREEFLOW DOGHANDLER BERRYTWISTER JACKKNIFE MOONPENNY CONJECTURE FREEZEPOST DRAGGABLEKITTEN BERRYTWISTER+ JAZZFUSION MOUTH CONTRAOCTAVE FRONTO DRAGON'SSHOUT BINOCULAR JAZZFUSION+ MTI CONVEYANCE FRUITBOWL DROPMIRE BIRDSONG JEDI MUGSHOT CORALINE FUNNELOUT DRTBOX BIRDSTRIKE JEEPFLEA MURPHYSLAW CORALREEF FUSEWIRE DRUID BLACKHEART JILES MUSCULAR COTRAVELER GALAXY PACKAGEGOODS BLACKPEARL JTRIG MUSKETEER OCTSKYWARD GAMUT PANOPLY BLARNEY JTRIGRADIANTSPLENDOUR MUSTANG OILSTOCK GARLICK PARCHDUSK BLUEANCHOR JUGGERNAUT MUTANTBROTH OLYMPIA GENESIS PATHFINDER BLUEZEPHYR KAMPUS MYSTIC OMNIGAT GENTE PBX BOMBAYROLL KEYRUT NAMEJACKER ONEROOF GEOFUSION PHOTONTORPEDO BOTANICREALTY KOALAPUNCH NCSC ONIONBREATH GHOSTMACHINE PICASSO BOUNDLESSINFORMANT LADYLOVE NEBULA OPTICNERVE GILGAMESH PINWALE BRANDYSNAP LANDINGPARTY NEVIS ORANGEBLOSSOM GLASSBACK

  8. What do we learn from it ?

  9. What should we do differently?

  10. Caveat: It’s a short talk

  11. Best begin at..

  12. http://www.theguardian.com/world/2013/jun/06/nsa- phone-records-verizon-court-order

  13. http://www.washingtonpost.com/investigations/us-intelligence-mining-data- from-nine-us-internet-companies-in-broad-secret-program/ 2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html

  14. The extent of the leak?

  16. How many documents?

  17. http://www.reuters.com/article/2013/11/14/us-usa-security-nsa- idUSBRE9AD19B20131114

  18. http://www.reuters.com/article/2013/11/14/us-usa-security-nsa-idUSBRE9AD19B20131114

  19. http://world.time.com/2013/10/14/greenwald-on-snowden-leaks-the-worst-is-yet-to-come/

  20. http://www.bbc.com/news/uk-25205846

  22. They had no idea what he had

  23. Would You ?

  24. Are your execs properly trained ?

  25. http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks

  26. http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks

  27. http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits

  28. http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits

  29. Attackers like that don’t care about me / us

  30. http://www.spiegel.de/international/europe/british-spy-agency- gchq-hacked-belgian-telecoms-firm-a-923406.html

  31. https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/

  32. https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/

  33. https://firstlook.org/theintercept/2014/09/14/nsa-stellar/

  34. http://www.spiegel.de/international/world/snowden- documents-indicate-nsa-has-breached-deutsche- telekom-a-991503.html

  35. These guys were collateral damage

  36. Does collaboration protect you from getting hacked?

  38. http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/ 2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

  39. How many times were they spotted ?

  40. Complete failure of detection & compartmentalisation

  41. http://www.verizonenterprise.com/DBIR/

  42. The good news is…

  43. Do sophisticated attackers exist ?

  44. not estonia not headline sophisticated

  45. not estonia

  46. http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html

  47. http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html

  48. Do sophisticated attackers exist ?

  49. This is profoundly important

  50. Device Based Security Anti Virus Pen Tests

  51. we said victory accomplished

  52. Device based Security

  53. Anti Virus http://www.wired.com/2012/06/internet-security-fail/

  54. Anti Virus http://www.wired.com/2012/06/internet-security-fail/

  55. Pen Tests http://blog.thinkst.com/2012/03/penetration-testing-considered-harmful.html

  56. We are not modelling the right threats

  57. Were all the attacks novel?

  58. Nope.. Not even the ANT stuff

  59. Many of these techniques were previously demonstrated

  61. Why didn't you know about them?

  62. talk graph - tscapes Q2 - 116 Security Events 257 conference days

  63. http://thinkst.com/ts/free

  64. Will the leaks make things better or worse?

  65. Intelligence reforms may or may not happen.. � but, from the point of view of sophisticated attacks

  66. Courage is Contagious

  67. life imitates..

  68. Caveat

  69. This doesn’t apply to everyone!

  70. biggest mistake is thinking you are all the same.. http://blog.thinkst.com/2013/01/your-companies-security-posture-is.html

  71. Summary If everything is important, nothing is • important Your execs need training! • Sophisticated attackers do exist • It’s obvious the emperor has no clothes. • Things are going to get a lot worse for a • bit

  72. Summary of Summary Understand your threat model Understand the space

  73. @haroonmeer http://thinkst.com/ts/free

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Philip Snowden: more Methodism than Marxism Philip Snowden was a leading figure in the

Philip Snowden: more Methodism than Marxism Philip Snowden was a leading figure in the

Philip Snowden: more Methodism than Marxism Philip Snowden was a leading figure in the ILP, that is, in the dominant soft left of the emerging labour representation movement and then of the Labour Party, alongside Keir Hardie

201 views • 4 slides
EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV is

EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV is

EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV is available in HD 24/7 in English & French. EROTICA TV is dedicated to soft erotic and glamorous style for a large audience, men and women ! EROTICA

178 views • 5 slides
Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny

Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny

Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp The post-Snowden adversary Since the Snowden revelations beginning in

481 views • 27 slides
ISE331: Snowden Attack 1 Ou Outline of f Topics Covered Snowdens background and how he

ISE331: Snowden Attack 1 Ou Outline of f Topics Covered Snowdens background and how he

ISE331: Snowden Attack 1 Ou Outline of f Topics Covered Snowdens background and how he got to the position of being able to leak confidential information from the CIA How Snowden planned and performed the attack The method used

264 views • 24 slides
Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP

Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP

Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP Semiconductors Craig Costello Microsoft Research Michael Naehrig Microsoft Research June 2013 the Snowden leaks the NSA had written the

671 views • 13 slides
1 PART ONE: THE NSA / SNOWDEN REVELATIONS Who is the

1 PART ONE: THE NSA / SNOWDEN REVELATIONS Who is the

1 PART ONE: THE NSA / SNOWDEN REVELATIONS Who is the Internet? Who is the Internet? 2.5 billion Internet connected North America and Europe >

585 views • 56 slides
Stuxnet Redux: Malware Attribution & Lessons Learned Blackhat DC 2011 Taking the guesswork

Stuxnet Redux: Malware Attribution & Lessons Learned Blackhat DC 2011 Taking the guesswork

Stuxnet Redux: Malware Attribution & Lessons Learned Blackhat DC 2011 Taking the guesswork out of cyber attribution Tom Parker tom.at.rooted.dot.net Media & Cyber War Love Affair WSJ Wide Cyber Attack Is Linked to

1.33k views • 73 slides
Bu Burea reau u of of Ind Indian ian Af Affair fairs Tribal Transportation Program TTP

Bu Burea reau u of of Ind Indian ian Af Affair fairs Tribal Transportation Program TTP

Bu Burea reau u of of Ind Indian ian Af Affair fairs Tribal Transportation Program TTP Funding Status President Barack Obama speaks prior to signing the 3- month extension of the Highway bill in the Oval Office of the White House July

222 views • 8 slides
Unlimited Artistic Director & Choreographer Mark Smith The Dancers Anthony Snowden Daniel

Unlimited Artistic Director & Choreographer Mark Smith The Dancers Anthony Snowden Daniel

Unlimited Artistic Director & Choreographer Mark Smith The Dancers Anthony Snowden Daniel Stanbury Denny Haywood Kevin Jewell Joseph Fletcher DMD Deaf Men Dancing are developing something innovative and exciting in their work Dan

462 views • 16 slides
Towards A Clean Slate Digital Sovereignty in the Post Snowden Era Alexander von Gernler

Towards A Clean Slate Digital Sovereignty in the Post Snowden Era Alexander von Gernler

Towards A Clean Slate Digital Sovereignty in the Post Snowden Era Alexander von Gernler <gernler@genua.de> Munich Internet Research Retreat Raitenhaslach, November 24/25, 2016 Personal Digital Sovereignty Disclaimer The views presented

258 views • 12 slides
Royal College of Surgeons and South West Professional Affair irs Board Trainee Event Mr

Royal College of Surgeons and South West Professional Affair irs Board Trainee Event Mr

Royal College of Surgeons and South West Professional Affair irs Board Trainee Event Mr Dimitrios Siassakos Consultant Senior Lecturer in Obstetrics Director of Research, Academic Centre for Womens Health, Southmead Hospital Lead for

573 views • 53 slides
Thou shalt not commit adultery. -Exodus 20:14 Donald Trump had an affair with adult film

Thou shalt not commit adultery. -Exodus 20:14 Donald Trump had an affair with adult film

Thou shalt not commit adultery. -Exodus 20:14 Donald Trump had an affair with adult film actress Stormy Daniels in 2006, one year after his marriage to his third wife, Melania. He still received 81% of the white Evangelical vote.

225 views • 3 slides
Blaise 5 in a Production Environment Authors: Paul Segal, Mangal Subramanian, Ray Snowden,

Blaise 5 in a Production Environment Authors: Paul Segal, Mangal Subramanian, Ray Snowden,

Blaise 5 in a Production Environment Authors: Paul Segal, Mangal Subramanian, Ray Snowden, Richard Frey, Mike Florcyzk Presentation Overview Blaise 5 Server and Client Options. Blaise 5 API Use Case. Stress Testing Blaise 5

442 views • 16 slides
Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit evidence that intelligence agencies are globally wiretapping Internet backbone connections Massive collection of web tra ffi c, emails, instant

512 views • 50 slides
P .S. I Love You my love affair with a sultry brunette bombshell Greg Cook AWS Tasting Feb 21,

P .S. I Love You my love affair with a sultry brunette bombshell Greg Cook AWS Tasting Feb 21,

P .S. I Love You my love affair with a sultry brunette bombshell Greg Cook AWS Tasting Feb 21, 2009 Advocacy Organization www.psiloveyou.org Petite Sirah Dark and Mysterious It certainly isnt petite and its not quite Syrah PS name

536 views • 25 slides
PRICE OF PRIVACY IN THE CLOUD, OR THE ECONOMIC CONSEQUENCES OF MR SNOWDEN PROFESSOR SIMON

PRICE OF PRIVACY IN THE CLOUD, OR THE ECONOMIC CONSEQUENCES OF MR SNOWDEN PROFESSOR SIMON

[click to select this box and delete] Title slide option 1 Choose one title slide and delete the others. PRICE OF PRIVACY IN THE CLOUD, OR THE ECONOMIC CONSEQUENCES OF MR SNOWDEN PROFESSOR SIMON WILKIE 18 OCTOBER 2019 LEAD IN HEADING

617 views • 36 slides
Current State of Affairs Better known CS Dept ratings in US: US News and World Report

Current State of Affairs Better known CS Dept ratings in US: US News and World Report

Current State of Affairs Better known CS Dept ratings in US: US News and World Report National Research Council (1995, 2010) Uses/abuses of ratings: Efficient way to inform decisions Choosing a PhD program (especially

552 views • 7 slides
Infection Prevention and NHSN Webinar Series NHSN: Surgical Site Infection (SSI) Surveillance

Infection Prevention and NHSN Webinar Series NHSN: Surgical Site Infection (SSI) Surveillance

An Initiative of the Florida Hospital Association Hospital Improvement Innovation Network Infection Prevention and NHSN Webinar Series NHSN: Surgical Site Infection (SSI) Surveillance Identification and Analysis October 23, 2018 Agenda

670 views • 63 slides
Controlling 280 Turnout Servos Using Small Push-Button Fascia Panels By Bob Judge and Al

Controlling 280 Turnout Servos Using Small Push-Button Fascia Panels By Bob Judge and Al

Controlling 280 Turnout Servos Using Small Push-Button Fascia Panels By Bob Judge and Al Zimmerschied NMRA 2015 National Convention Portland Oregon August 23-29, 2015 1 Forced to move, the Boeing Employees Model Railroad Club (BEMRRC)

656 views • 43 slides
Trim Conditions Trim Conditions Trim Conditions Trim Conditions 1 1 VPC Trim Screen VPC Trim

Trim Conditions Trim Conditions Trim Conditions Trim Conditions 1 1 VPC Trim Screen VPC Trim

Trim Conditions Trim Conditions Trim Conditions Trim Conditions 1 1 VPC Trim Screen VPC Trim Screen 2 2 Trim Trim 26 gage standard 26 gage standard KXL finish standard KXL finish standard Matte Black is only a trim

974 views • 75 slides
Modeling Empathy and Distress in Written Language Sven Buechel Jena University Language and

Modeling Empathy and Distress in Written Language Sven Buechel Jena University Language and

WASSA 2019 Invited Talk Minneapolis, MN, USA, June 6, 2019 Modeling Empathy and Distress in Written Language Sven Buechel Jena University Language and Information Engineering (JULIE) Lab Friedrich-Schiller-University Jena, Jena, Germany

640 views • 61 slides
NEGATIVE NEGATIVE Lack of bacterial Spread of R R Lack of bacterial Spread of eradication

NEGATIVE NEGATIVE Lack of bacterial Spread of R R Lack of bacterial Spread of eradication

Increase in in Increase bacterial R R bacterial NEGATIVE NEGATIVE Lack of bacterial Spread of R R Lack of bacterial Spread of eradication clones eradication clones SPIRAL SPIRAL Recolonization by Recolonization by R

336 views • 16 slides
The Hare and the Tortoise 2)Describe mitigating strategies 3)Understand why Ive chosen this

The Hare and the Tortoise 2)Describe mitigating strategies 3)Understand why Ive chosen this

6/19/2019 Session goals 1)Recognize pitfalls in the diagnostic reasoning process The Hare and the Tortoise 2)Describe mitigating strategies 3)Understand why Ive chosen this silly analogy Improving Our Approach to Clinical Reasoning Bradley

559 views • 31 slides
Chief Complaint UCSF CME June 24, 2015 27 yo previously healthy woman is admitted for severe

Chief Complaint UCSF CME June 24, 2015 27 yo previously healthy woman is admitted for severe

6/24/2015 CPS Chief Complaint UCSF CME June 24, 2015 27 yo previously healthy woman is admitted for severe abdominal pain HPI 3 months ago: anorexia, burping, vomiting, and constipation One month later: subjective fevers, night sweats,

199 views • 9 slides

More recommend