SlideShare ist ein Scribd-Unternehmen logo

An Underground education

G
grugq
Technologie
1 von 73
Downloaden Sie, um offline zu lesen
An Underground Education Lessons in Counterintelligences from History’s Underworld @thegrugq
Agenda Counterintelligence Processes Threats Contributing Factors Professional Thieves: CI Hackers: CI
Counterintelligence
Processes of CI Basic Denial Adaptive Denial/Insight Covert Manipulation
Basic Denial
Prevent the transfer of information to the adversary Primarily proscriptive Don’t engage in some behavior Enough for basic survival
OPSEC STFU COMSEC Vetting members to prevent penetrations examples
The first breach of security occurs when the opposition becomes aware that information worthy of targeting exists. Counterintelligence: Theory and Practice After the adversary knows there is something to look for, then the game begins. You can’t go back underground. :(
Adaptive Denial
Insight into oppositions techniques/processes Develop countering tactics Analyze security posture for weaknesses Develop remediations Ongoing process Dual pronged approach. On the one hand, learn how the adversary works and attempt to work around those strengths/capabilities On the other, look at organisational weaknesses and address them. Iterative. Best if there is a penetration into the adversary to monitor how they function
Adjust to remedy unique vulnerabilities and/or adversarial strengths Greatly benefits from access to adversarial know- how Active penetrations of the adversary are very useful here Colombian narco traffickers used court discovery heavily to discover the Tactics, Techniques and Procedures of the adversary The PIRA started to do the same thing later in their struggles, forcing the .gov to reveal details
Covert Manipulation
Provide the adversary with false information Deceive the adversary into taking futile action Deceive the adversary into not taking action Mostly irrelevant for hackers Misdirection could be valuable, maybe. Adversary has multiple channels for receiving information, have to send fake signals down them all. HUMINT, technical penetrations, open source INT, etc. etc.
Intelligence Threats The capabilities of the adversary are described as “intelligence threats”, that can be used to gain information about the agency.
Penetrations Technical Penetrations Passive Surveillance Media Exposure HUMINT, SIGINT, ... OSINT
Informants
Intel Lingo: penetrations Recruited Inserted Most serious threat HUMINT is the biggest threat. Many sources, from forcing someone to “turn state’s evidence”, to undercover operation, to recruiting someone in place/defections... lulzsec’s collapse ultimately stems from a single individual leaving Anonymous and dumping IRC logs in public.
Technical Monitoring
Wiretaps, etc Trojans and monitoring software Video / audio surveillance An increasing threat See: media reports of legal trojans FinSpy, etc.
Surveillance
Passive observation from local population Dedicated active surveillance teams Not really a threat for hackers or professional thieves
Media Exposure
Media coverage creates an OSINT footprint Can be dangerous for hackers Raises profile which draws adversarial attention
Contributing Factors Factors that contribute to the groups CI strengths and vulnerabilities.
Organizational structure Controlled territory Popular support Adversarial capabilities Resources
Organizational Structure
Hierarchical vs. Flat Flat can react faster Hierarchical can enforce good practices Flat leads to poor compartmentation Hierarchical increase value of high level penetrations
Tight vs. Loose Loose, each node has a unique CI signature, harder to attack efficiently Tight, can enforce CI discipline better Loose, can have poor practices and CI resources Tight can be rigid, introducing systemic CI vulnerabilities Tightly controlled organisations react slowly and can develop rigid CI practices. This means they’re exploitable.
Controlled Territory
Area safe from adversarial intelligence gathering Reduces incentives to develop robust CI posture We’ll see that later, with China and Russia.
Popular Support
Active support from the population Housing, food, etc Passive support from the population Don’t report activity to the adversary Not really an issue for hackers, but thieves faced a hostile population.
Adversary’s Capabilities
Highly capable adversary Strong intelligence capabilities Experienced and knowledgeable Low capability adversary Floundering reactionary moves that are ineffective and make people angry
Resources
Adversarial resources available for Performing intelligence gathering Analysis Follow up actions Agency resources for counterintelligence Dedicated CI team(s)
Organizational Learning The way that adversarial groups learn and adjust to each other’s behaviour is well studied. It is a subset of Organizational Learning -- Competitive adaptation.
Competitive Adaptation The way these factors and processes interact is called competitive adaptation, as two adversarial groups learn from and adjust to each other’s strengths and capabilities
Adverse environments breed stronger actors
Competitive Adaptation Organizations are superior to individuals Can afford some losses and still recover Deeper experience base to draw from (more metis)
Setbacks lead to sense-making and recovery Damage Assessments Adaptive Denial Setbacks - flaps in “Intel Speak”
Professional Thieves Perfectly suited for their time, failed to exhibit adaptive denial and learn from competitive adaptation. They were darwinialy selected out of modern society. The lesson here for hackers is simple, either adapt where the thieves didn’t or enjoy your fading golden years...
Professional Thieves Historical class of professional grifters From 1890s to 1940s in America Self identify as thieves (honorific) Thieve argot used to demonstrate membership A large community of practice
Thieves Con men Long con, short con Cannons (pickpockets) Boosters (shoplifters)
Organizational Structure Flat Loose Small “mobs” with great indivudual variation Autocratic groups survive better than democratic groups in the face of adversarial competition
Controlled Territory Operating inside “fixed” towns Small meeting rooms
Popular support None Relied on high level penetrations of law enforcement apparatus
Professional Thief Assets Core skill was “larceny sense” Experience derived cunning Access to fixers and fences Social network with memory for vetting members Example tale of two thieves in boosting from a store. Thief A doesn’t get the alert from B, has item in suitcase already, sees shopkeeper, approaches and demands to see the manager. Is taken to manager, while B collects suitcase and leaves. Thief A is then confused, and walks out.
Rules for effective thievery Steal an item at a time Stash it at a drugstore or restaurant Mail it back home to a friend Never keep it at home / in car Never grift on the way out
Rules, cont. Never draw attention to a working thief Never fail to draw attention to an adversarial threat Failsafe triggers to indicate problems, i.e. arrest Lots of codes and signs - “nix” for coppers around, changing the conversation to prevent people - always punctual to meetings, only reason to be late is arrest - mob will break up - always call someone at fixed time at end of day, on failure they assume arrest and search
Strict rules against informants (“rats”) Violent retaliation against “rats” was sanctioned “A professional thief will never say anything dangerous, and someone who is not a professional thief doesn’t know anything dangerous to say”
Heavy investment in fixers to limit handle problems Little/No adaptive denial capabilities Adversary maintained fixed capabilities No competitive adaptation After the adversary changed their game, lost the corruption and the “old style police work”, the professional thieves day’s were numbered. The environment became too hostile to support them in number.
Hackers
Organizational Structure Flat hierarchy No commanders Loose group structure Individuals pool resources, but act on their own
Controlled Territory Nation state protected hackers Russia, China, etc. Political protection: e.g. USA hacking Iran Secure private servers and channels Unmonitored information transfer
Popular Support Not relevant Cyberspace is not a “space” Support requires knowledge Who, what, etc.
Counterintelligence Denial, Insight, Manipulation
Basic Denial Vetting of members Pseudonymity Limited compartmentation Internal to a group But.. gossip spreads far and fast
Adaptive Denial Limited sensemaking from colleagues’ busts Over reliance on technical protections No case, ever, of a hacker penetration of LEO Resulting in actionable intel to adapt
Covert Manipulation Occasional poor attempts at framing others ProFTP AcidBitches hack Nation state level, certainly happens False flag attacks What is the cost of a VPS in Shanghai?
Hacker Community of Practice Informal community Social groups connected via social mediums Sharing of metis via formal and informal means Zines, papers, blogposts, chats
Communities of Practice Three main hacker communities English Russian Chinese Clustered by language of information exchange
Communities of Practice Operate inside controlled territory Russian Chinese Operate in hostile environment English Interesting that 2/3 communities are operating in controlled territory, where they have carte blanche to operate, provided they avoid antagonizing the local authorities.
Comm of P. CI Controlled territory provides protection against adversarial intelligence collection Discourages robust operational security practices Hostile environments force adaptation Darwinian selection
Favorable elements in any operational situation should be taken advantage of, but not by relaxing vigilance and security consciousness. Soviet doctrine on clandestine operations https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol9no1/html/ v09i1a06p_0001.htm
Learning Disabilities Hacker communities of practice have severe learning disabilities Incurious about why colleagues got busted No lessons learned No damage assessment
Learning Disabilities Hacker groups are too compartmented for info sharing Not compartmented enough to prevent intelligence collection
Lessons Learned
Identity Operational secrets When How Critical Secrets These are the things that hackers most need to be concerned about.
Hacker CI Focus on Basic Denial Create virtual controlled territory Political cover for hacking
Conclusion
Adapt or die
Thank you.

Empfohlen

OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackersgrugq
 
My darkweb-presentation
My darkweb-presentationMy darkweb-presentation
My darkweb-presentationPaul Wilson
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiProfessor Lili Saghafi
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessCyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessArjith K Raj
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & HygineAmit Arya
 

Empfohlen

OPSEC for hackers
OPSEC for hackersOPSEC for hackers
OPSEC for hackersgrugq
 
My darkweb-presentation
My darkweb-presentationMy darkweb-presentation
My darkweb-presentationPaul Wilson
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiProfessor Lili Saghafi
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessCyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessArjith K Raj
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & HygineAmit Arya
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
Incident response
Incident responseIncident response
Incident responseAnshul Gupta
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseAspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseRohit Revo
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cyberstalking
CyberstalkingCyberstalking
CyberstalkingTrevschic
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk ProtectionDigital Shadows
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeDebayon Saha
 
An Underground education
An Underground educationAn Underground education
An Underground educationgrugq
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaStefano Maccaglia
 

Weitere ähnliche Inhalte

Was ist angesagt?

Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detectionJisc
 
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseAspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseRohit Revo
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media SecurityDel Belcher
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Cyberstalking
CyberstalkingCyberstalking
CyberstalkingTrevschic
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk ProtectionDigital Shadows
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 

Was ist angesagt? (20)

Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-Threat
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Incident response
Incident responseIncident response
Incident response
 
Deception technology for advanced detection
Deception technology for advanced detectionDeception technology for advanced detection
Deception technology for advanced detection
 
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offenseAspects of Cyber Crime theory | Criminal or a Noncriminal offense
Aspects of Cyber Crime theory | Criminal or a Noncriminal offense
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile security
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Cyberstalking
CyberstalkingCyberstalking
Cyberstalking
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk Protection
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 

Ähnlich wie An Underground education

An Underground education
An Underground educationAn Underground education
An Underground educationgrugq
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaStefano Maccaglia
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Morakinyo Animasaun
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxGautam708801
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackDharmesh Makwana
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation Ajith Reddy
 
Ethical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaEthical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaKrutarth Vasavada
 
1-Domain ComTIA Security+.pdf
1-Domain ComTIA Security+.pdf1-Domain ComTIA Security+.pdf
1-Domain ComTIA Security+.pdfShamsherkhan36
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 

Ähnlich wie An Underground education (20)

An Underground education
An Underground educationAn Underground education
An Underground education
 
UN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - MaccagliaUN Presentation - 10-17-2018 - Maccaglia
UN Presentation - 10-17-2018 - Maccaglia
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
Be Prepared: Emerging Cyber Security Threats, Vulnerabilities and Risks on Ca...
 
Social engineering
Social engineering Social engineering
Social engineering
 
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptx
 
Unit-2 ICS.ppt
Unit-2 ICS.pptUnit-2 ICS.ppt
Unit-2 ICS.ppt
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation
 
Ethical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth VasavadaEthical Hacking by Krutarth Vasavada
Ethical Hacking by Krutarth Vasavada
 
1-Domain ComTIA Security+.pdf
1-Domain ComTIA Security+.pdf1-Domain ComTIA Security+.pdf
1-Domain ComTIA Security+.pdf
 
Cyber Crime.ppt
Cyber Crime.pptCyber Crime.ppt
Cyber Crime.ppt
 
Unit 2
Unit 2Unit 2
Unit 2
 
Unit 2
Unit 2Unit 2
Unit 2
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 

Kürzlich hochgeladen

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Kürzlich hochgeladen (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

An Underground education

  • 1. An Underground Education Lessons in Counterintelligences from History’s Underworld @thegrugq
  • 4. Processes of CI Basic Denial Adaptive Denial/Insight Covert Manipulation
  • 6. Prevent the transfer of information to the adversary Primarily proscriptive Don’t engage in some behavior Enough for basic survival
  • 7. OPSEC STFU COMSEC Vetting members to prevent penetrations examples
  • 8. The first breach of security occurs when the opposition becomes aware that information worthy of targeting exists. Counterintelligence: Theory and Practice After the adversary knows there is something to look for, then the game begins. You can’t go back underground. :(
  • 10. Insight into oppositions techniques/processes Develop countering tactics Analyze security posture for weaknesses Develop remediations Ongoing process Dual pronged approach. On the one hand, learn how the adversary works and attempt to work around those strengths/capabilities On the other, look at organisational weaknesses and address them. Iterative. Best if there is a penetration into the adversary to monitor how they function
  • 11. Adjust to remedy unique vulnerabilities and/or adversarial strengths Greatly benefits from access to adversarial know- how Active penetrations of the adversary are very useful here Colombian narco traffickers used court discovery heavily to discover the Tactics, Techniques and Procedures of the adversary The PIRA started to do the same thing later in their struggles, forcing the .gov to reveal details
  • 13. Provide the adversary with false information Deceive the adversary into taking futile action Deceive the adversary into not taking action Mostly irrelevant for hackers Misdirection could be valuable, maybe. Adversary has multiple channels for receiving information, have to send fake signals down them all. HUMINT, technical penetrations, open source INT, etc. etc.
  • 14. Intelligence Threats The capabilities of the adversary are described as “intelligence threats”, that can be used to gain information about the agency.
  • 17. Intel Lingo: penetrations Recruited Inserted Most serious threat HUMINT is the biggest threat. Many sources, from forcing someone to “turn state’s evidence”, to undercover operation, to recruiting someone in place/defections... lulzsec’s collapse ultimately stems from a single individual leaving Anonymous and dumping IRC logs in public.
  • 19. Wiretaps, etc Trojans and monitoring software Video / audio surveillance An increasing threat See: media reports of legal trojans FinSpy, etc.
  • 21. Passive observation from local population Dedicated active surveillance teams Not really a threat for hackers or professional thieves
  • 23. Media coverage creates an OSINT footprint Can be dangerous for hackers Raises profile which draws adversarial attention
  • 24. Contributing Factors Factors that contribute to the groups CI strengths and vulnerabilities.
  • 25. Organizational structure Controlled territory Popular support Adversarial capabilities Resources
  • 27. Hierarchical vs. Flat Flat can react faster Hierarchical can enforce good practices Flat leads to poor compartmentation Hierarchical increase value of high level penetrations
  • 28. Tight vs. Loose Loose, each node has a unique CI signature, harder to attack efficiently Tight, can enforce CI discipline better Loose, can have poor practices and CI resources Tight can be rigid, introducing systemic CI vulnerabilities Tightly controlled organisations react slowly and can develop rigid CI practices. This means they’re exploitable.
  • 30. Area safe from adversarial intelligence gathering Reduces incentives to develop robust CI posture We’ll see that later, with China and Russia.
  • 32. Active support from the population Housing, food, etc Passive support from the population Don’t report activity to the adversary Not really an issue for hackers, but thieves faced a hostile population.
  • 34. Highly capable adversary Strong intelligence capabilities Experienced and knowledgeable Low capability adversary Floundering reactionary moves that are ineffective and make people angry
  • 36. Adversarial resources available for Performing intelligence gathering Analysis Follow up actions Agency resources for counterintelligence Dedicated CI team(s)
  • 37. Organizational Learning The way that adversarial groups learn and adjust to each other’s behaviour is well studied. It is a subset of Organizational Learning -- Competitive adaptation.
  • 38. Competitive Adaptation The way these factors and processes interact is called competitive adaptation, as two adversarial groups learn from and adjust to each other’s strengths and capabilities
  • 40. Competitive Adaptation Organizations are superior to individuals Can afford some losses and still recover Deeper experience base to draw from (more metis)
  • 41. Setbacks lead to sense-making and recovery Damage Assessments Adaptive Denial Setbacks - flaps in “Intel Speak”
  • 42. Professional Thieves Perfectly suited for their time, failed to exhibit adaptive denial and learn from competitive adaptation. They were darwinialy selected out of modern society. The lesson here for hackers is simple, either adapt where the thieves didn’t or enjoy your fading golden years...
  • 43. Professional Thieves Historical class of professional grifters From 1890s to 1940s in America Self identify as thieves (honorific) Thieve argot used to demonstrate membership A large community of practice
  • 44. Thieves Con men Long con, short con Cannons (pickpockets) Boosters (shoplifters)
  • 45. Organizational Structure Flat Loose Small “mobs” with great indivudual variation Autocratic groups survive better than democratic groups in the face of adversarial competition
  • 46. Controlled Territory Operating inside “fixed” towns Small meeting rooms
  • 47. Popular support None Relied on high level penetrations of law enforcement apparatus
  • 48. Professional Thief Assets Core skill was “larceny sense” Experience derived cunning Access to fixers and fences Social network with memory for vetting members Example tale of two thieves in boosting from a store. Thief A doesn’t get the alert from B, has item in suitcase already, sees shopkeeper, approaches and demands to see the manager. Is taken to manager, while B collects suitcase and leaves. Thief A is then confused, and walks out.
  • 49. Rules for effective thievery Steal an item at a time Stash it at a drugstore or restaurant Mail it back home to a friend Never keep it at home / in car Never grift on the way out
  • 50. Rules, cont. Never draw attention to a working thief Never fail to draw attention to an adversarial threat Failsafe triggers to indicate problems, i.e. arrest Lots of codes and signs - “nix” for coppers around, changing the conversation to prevent people - always punctual to meetings, only reason to be late is arrest - mob will break up - always call someone at fixed time at end of day, on failure they assume arrest and search
  • 51. Strict rules against informants (“rats”) Violent retaliation against “rats” was sanctioned “A professional thief will never say anything dangerous, and someone who is not a professional thief doesn’t know anything dangerous to say”
  • 52. Heavy investment in fixers to limit handle problems Little/No adaptive denial capabilities Adversary maintained fixed capabilities No competitive adaptation After the adversary changed their game, lost the corruption and the “old style police work”, the professional thieves day’s were numbered. The environment became too hostile to support them in number.
  • 54. Organizational Structure Flat hierarchy No commanders Loose group structure Individuals pool resources, but act on their own
  • 55. Controlled Territory Nation state protected hackers Russia, China, etc. Political protection: e.g. USA hacking Iran Secure private servers and channels Unmonitored information transfer
  • 56. Popular Support Not relevant Cyberspace is not a “space” Support requires knowledge Who, what, etc.
  • 58. Basic Denial Vetting of members Pseudonymity Limited compartmentation Internal to a group But.. gossip spreads far and fast
  • 59. Adaptive Denial Limited sensemaking from colleagues’ busts Over reliance on technical protections No case, ever, of a hacker penetration of LEO Resulting in actionable intel to adapt
  • 60. Covert Manipulation Occasional poor attempts at framing others ProFTP AcidBitches hack Nation state level, certainly happens False flag attacks What is the cost of a VPS in Shanghai?
  • 61. Hacker Community of Practice Informal community Social groups connected via social mediums Sharing of metis via formal and informal means Zines, papers, blogposts, chats
  • 62. Communities of Practice Three main hacker communities English Russian Chinese Clustered by language of information exchange
  • 63. Communities of Practice Operate inside controlled territory Russian Chinese Operate in hostile environment English Interesting that 2/3 communities are operating in controlled territory, where they have carte blanche to operate, provided they avoid antagonizing the local authorities.
  • 64. Comm of P. CI Controlled territory provides protection against adversarial intelligence collection Discourages robust operational security practices Hostile environments force adaptation Darwinian selection
  • 65. Favorable elements in any operational situation should be taken advantage of, but not by relaxing vigilance and security consciousness. Soviet doctrine on clandestine operations https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol9no1/html/ v09i1a06p_0001.htm
  • 66. Learning Disabilities Hacker communities of practice have severe learning disabilities Incurious about why colleagues got busted No lessons learned No damage assessment
  • 67. Learning Disabilities Hacker groups are too compartmented for info sharing Not compartmented enough to prevent intelligence collection
  • 69. Identity Operational secrets When How Critical Secrets These are the things that hackers most need to be concerned about.
  • 70. Hacker CI Focus on Basic Denial Create virtual controlled territory Political cover for hacking