Salander v bond b sides detroit final v3
Corporate Spies
Lisbeth Salander vs James Bond
Overview
Background
Intelligence Life Cycle
War Stories
Anti-Anti-Corporate Spy Training
Conclusions and Review
Take Aways
The 4 principal motivators of betrayals
Anti-anti-espionage training
Incorporating what we’ve learned into our OPSEC measures
Mandatory Self Definition
- @Antitree
- Intrepidus Group: mobile hacking
- BSidesDetroit12: Jukebox hack
- Organizer: BSidesROC
- Founding Member of Interlock Rochester
- “cyber”
Background
- Every Fortune 500 organization has an intelligence program under some other title
  › Competitive intelligence, corporate intel, business analysis
- Corporate spies are almost never caught, and almost never convicted, and never serve more than 1 year in a “corporate spy” prison.
James Bond
- MI6 operative
- Relies on humans as sources of intel
- Somehow explodes everything
- Makes love to pretty ladies
Lisbeth Salander
- Works as a PI
- Socially unacceptable
- Intelligence comes through technical means
- Also makes love to pretty ladies
Types of Intel Agents
- Government Employees:
  › CIA, Marines, Homeland Security
  › Provide intel and counter intel services
- Corporate Competitive Intelligence employees
  › Work for an organization to provide intel on their competitors
  › Mostly ethical practices
- Private Corporate Spies
  › Individuals or private organizations that sell secrets between companies
  › Focused, well paid, completely illegal
HUMINT VS TECHINT
Scenarios
- Break into network, steal documents
- Phishing campaign steals creds
- Malware targeting a company
TECHINT
Benefits
- Direct unfettered access to intelligence
- No middlemen
- Limited risk of inflation, lying
- Lower risk of being caught
Costs
- More defense measures are in place compared to HUMINT
- Clearly defined laws regarding IP, hacking, etc.
Scenarios
- Turning a secretary to tell you who the CEO is meeting with
- Paying a VP for financial information
- Convincing a QA dept to give you access to products
HUMINT
Benefits
- Information directly from the source
- Can be the “fall guy”
- Can circumvent any network security measures
- Context for intelligence
Costs
- The most sensitive information is in small circles
- Possibility for betrayal, lying, or inflating information
- Humans need coddling
Principal Motivators for Betrayal
Money: I will pay you $50,000.
Ideology: Do it for the greater good of your country!
Coercion: If you don’t do this, your wife will find out about your mistress.
Ego: I’ve been watching you and you’re the best in the business. I need your help.
The Intelligence Life Cycle
Intelligence Cycle For Spooks
Define Target
Develop Access
Process Intel
Exit
Intelligence cycle: Define Target, Develop Access, Process Intel, Exit (current stage: Define Target)
Defining the target
- Recon: (information gathering)
- Goals: (target identification)
  › Secret codes
  › Business Plans
- Entry Points: (vulnerabilities)
- Identify potential sources
Information Horizon
- Information horizon
  › Knowledge of people in the organization
  › Knowledge of business practices
- Attacks can use a combination of knowledge to exploit
- Start in the outer hub, and ride a spoke to next layer
- Pivoting
Finding People Online Ready To Turn
- Ask benign questions for secret information
- “I’m thinking about buying a new digital camera, what is Kodak coming out with?”
- “What kind of IDS does Linode use internally? I’m concerned about sensitive information getting hacked”
- Question sites:
  › Yahoo Answers
  › Stack Exchange
  › Forums
Turning Sources
- Single Parent Rule: People can justify just about any action, if taken to improve the lot of their children. (Money)
- Disgruntled Employees: Employees whose salaries were cut or who got laid off turn bitter and vengeful (Ideology, Ego)
- Bad credit scores (Money)
- Sexual disclosure (Coercion)
  › Cheating spouse
  › Pornography habits
Intelligence cycle: Define Target, Develop Access, Process Intel, Exit (current stage: Develop Access)
Developing Access: TECHINT
- Network penetration
- Surveillance
- Malware / APT
- OSINT
Developing Access: HUMINT
- All Social Engineering tactics apply
- Study potential sources, their interests, their habits
- Define personality type and vulnerabilities:
  › Loud and egotistical
  › Quiet and non-confrontational
Developing Access: HUMINT
- Hang out at the bars they do
- Become friends
- Find what will motivate them
Intelligence cycle: Define Target, Develop Access, Process Intel, Exit (current stage: Process Intel)
Collecting Intel from sources
- Establish a Tradecraft: (AKA Stego for meat sacks)
- Dead Drops
- Meeting Points
- Code words
No Attribution!
- Types of non-attribution:
  › Anonymity: no idea who did it
  › Spoof: blame someone else
  › Deniability: oh it was just a bot in China. *shrug*
- Communication Security vs Storage Security
Intelligence cycle: Define Target, Develop Access, Process Intel, Exit (current stage: Exit)
Selling Intel
- Sell to mid-level VPs, not the CEO
- Organizations will always want plausible deniability
- Negotiate the terms
Cleanup
- Decommission operation theater
- Spin down connection with sources
  › Maintain surveillance
- Destroy/Scrub all information
  › Friends + Thermite
War Stories
Peter and the Wolf
- Peter is going through a divorce
- Alex – Russian spy – hangs out in bars and coffee shops near targeted areas of DC
- Alex becomes Peter’s friend over 2 months
- Alex pays Peter for phone numbers of people inside his company
- Tradecraft:
  › Used pass phrases to leave messages and confirm the identity while trading information
  › Make a chalk mark on the mailbox
- Alex gets one of his other ops to exchange information about “Star Wars”
- Peter social engineers an IT admin fixing the wiring closet
- Peter steals the documents off the network and exfiltrates them back to Moscow
Lessons Learned?
- Primary Motivator: Money
- Spies are friendly
- Tradecraft
  › Chalk mailbox
  › Pass phrases
Bill Gaede
Bill Gaede
- Started working for AMD in 1979
- Walks up to the Cuban embassy in 1982 and says “I want to be spy”
- 1989 communism is boring
- 1992 he turns himself in to the CIA, becomes a double agent
- 1992 he goes to work for Intel
- 1994 he flies to South America and sells Pentium secrets
- Tries to sell the secrets to North Korea, China, Iran, and AMD
How?
- Walked around picking up random documents and photocopying them
- Used lots of photocopiers so security would never notice
- Guards only looked for green or blue paper
- Charismatic
  › Access to new tech was just because his friends gave it to him
  › Offered to do favors for everyone
  › Always befriended secretaries
Lessons learned?
- Primary Motivation: Ideology
- Good employees make good spies
- Security theatre
Corporate Spy Training
Countermeasures
- Security programs
- The best way to catch a something something is to act like a something something
- Games to practice being a spy
Coffeeshopping
- Walk into a room, look around, and leave
  › How many people are in the room?
  › How many people of each age group?
  › What color are the cars parked outside?
  › What was everyone doing?
  › How detailed can you draw the room?
Slowest Race
- You need to choose which line to go into.
- Profile the people in each line
  › Older, younger, attractive, tired, etc.
- Race the next person that uses the other line
- Airports are great for this
Sudo Make Me a Sandwich
- Thought exercise: How, in the following roles, might you be able to exploit something in your organization?
  › Junior employee
  › Outside contractor
  › Delivery person
  › After hours staff
- How can you remediate?
Spy Trainer
Conclusions
The principal motivators of betrayal are also the principal motivators of success
Think offensively about corporate spying
Our OPSEC measures should include our own personal “Information Horizon”