October 2011
Twitter: #cybergamut

I’m a Suit in a Cyber World!

Employment History
• Financial Services
• Ski Bum
• USAF Officer
• SAIC
  – Program Manager
  – Division Manager
  – Capture Manager

Education History
• King College, BA Economics & Business Administration
• Chartered Life Underwriter
• UMD Europe / Bowie State University, MS Management Information Systems
• PMP
• GCIH

Large Cyber Procurements
• SAIC Capture Manager
• > $250,000,000

Introduction to cybergamut

History and Why Change
• In 2008 SAIC established cybernexus
  – Coming together or “nexus” of cyber analysts
  – Central Maryland
• In 2011 cybernexus renamed cybergamut
  – Runs the “gamut” of cyber disciplines
  – Global organization
• cybergamut nodes
  – Socorro, New Mexico
  – Sioux Falls, South Dakota
  – San Antonio, Texas
  – Northern Virginia (Tysons Corner and Herndon)

Mission Statement
cybergamut is a worldwide community of practice for cyber professionals across industry, academia, and government providing ongoing education, training, and certification opportunities throughout all phases of a cyber professional’s career, utilizing traditional methods as well as non-traditional techniques like puzzles, Easter Eggs, and problem solving.

Easter Eggs

Easter Eggs (eeggs.com)

Challenge Cards

Challenge Coin

Technical Tuesday
• What it is
  – A technical exchange
• What it is not
  – A sales presentation
  – A product endorsement
  – For discussion of procurements
  – For discussion of procurement related issues

PDU and CPE
• PMI PDU’s
  – PMI Baltimore approved most Technical Tuesday events as eligible for PMI PDU’s under Category B, Continuing Education
• CPE’s for CISSP
  – Self certification
• Other certifications
  – What do you need?

Previous Topics
• Defending a Large Network
  – Brian Rexroad of AT&T, 2 Dec 2008
• DNI Essentials
  – Paul Schnegelberger of SAIC and John Sanders of Northrop Grumman TASC, Nov/Dec 2008
• Digital Forensics
  – Jim Jaeger of General Dynamics, 13 Jan 2009
• Case Studies in Cyber Attacks
  – Aaron Wilson of SAIC, 13 Jan 2009
• Trickler
  – Greg Virgin of RedJack, 27 Jan 2009
• Security Tools
  – Peiter “Mudge” Zatko of BBN, 27 Jan 2009
• IPv6
  – David Harris of SAIC, 10 Feb 2009
• Exploitation Prediction
  – Darryl Ackley of New Mexico Tech, 24 Feb 2009
• Analytic and IO Tools
  – Clift Briscoe and Nat Cooper of Edge, 24 Mar 2009
• Distributed Systems Technologies and Internet Intelligence
  – George Economou of Akamai, 24 Mar 2009
• Exploring the Social World of the Russian Hacker Community
  – Tom Holt of Michigan State University, 10 Mar 2009
• Modern Forensic Investigative Techniques
  – Amber Schroader of Paraben, 10 Mar 2009
• Defending Against BGP Man-In-The-Middle Attacks
  – Earl Zmijewski of Renesys, 14 Apr 2009
• Examining the Storm Worm
  – Nico Lacchini of TDI, 26 May 2009
• No-Tech Hacking
  – Johnny Long, 11 Jun 2009
• Dirty Secrets of the Security Industry
  – Bruce Potter of Ponte Technologies, 14 Jul 2009
• Windows Forensic Analysis: Dissecting the Windows Registry
  – Rob Lee of MANDIANT and the SANS Institute, 18 Aug 2009
• Silence of the RAM
  – Sean Bodmer of Savid Corporation, 22 Sep 2009
• VoIP Security – Attacks, Threats and Countermeasures
  – Stuart McLeod of Global Knowledge, 3 Nov 2009

Previous Topics cont.
• Topics
  – A Tale of Two Departments – How Commerce and State Dealt With Chinese Intrusions: Lessons Learned Plus: Security Heroes and the 20 Critical Controls
  – Aurora Malware reverse engineering at ITT
  – Advanced Cyber Collection Techniques; Extracting and Analyzing Information from the Domain Name System
  – The Rise of the Social Web
  – Why Security People S#ck
  – Insider Threat and Real-World Incident Study
  – Network Monitoring
  – Network Device Exploitation with Universal Plug & Play
  – Deep Packet Inspection for Cybersecurity
  – ASW&R
  – Stuxnet Redux: Malware Attribution & Lessons Learned
  – Special Technical Tuesday and renaming
  – APT Intrusion Remediation: The Top Do's and Don'ts
  – Deep Packet Inspection
  – Our Security Status is Grim
  – Cellular Security
  – Government Cyber Technical Directors’ Panel
• Speakers and dates
  – Alan Paller of the SANS Institute, 9 Mar 2010
  – Aaron Barr of HBGary Federal, 27 Apr 2010
  – Paul Frank of ITT, 25 May 2010
  – Tim Cague of The CYAN Group, 10 Aug 2010
  – Aaron Barr of HBGary Federal, 5 Oct 2010
  – Gene Bransfield of Tenacity Solutions, 9 Nov 2010
  – Michael Collins & Greg Virgin of RedJack along with Jim Downey of DISA PEO-MA, 30 Nov 2010
  – Josh Goldfarb of 21st Century Technologies, 4 Jan 2011
  – Terry Dunlap of Tactical Network Solutions, 8 Feb 2011
  – Jeff Kuhn of Pangia Technologies, 29 Mar 2011
  – Tom Parker of Securicon, 19 Apr 2011
  – 10 May 2011
  – Rob Lee of MANDIANT and The SANS Institute, 24 May 2011
  – Peder Jungck of Cloudshield and SAIC, 28 Jun 2011
  – Brian Snow, 19 Jul 2011
  – Jason MacLulich of Endace, 9 Aug 2011
  – 30 Aug 2011

Upcoming Technical Tuesdays
• Hacking Windows 7 and defending against physical attacks
  – 18 Oct 2011
  – Jesse Varsalone
• Looking for more speakers and topics such as:
  – Tor routing
  – Malware reverse engineering
  – Cyber situational awareness
  – Splunk
  – Cloud computing and cloud forensics
  – Geolocation of IP addresses and mobile devices
  – Digital forensics
  – E-discovery
  – Attack attribution
  – Deep packet inspection
  – Fuzzing
  – Writing secure code
• To suggest topics, volunteer to speak, or to receive an invitation, please contact: scott.w.sheldon@saic.com

Interesting Topics from the Chief 5uit’s Perspective

Remember!

Dash

Foreign Language
• 1337 = LEET = short for elite (maybe)
  – 5uit = Suit
• Pwn = Own
  – Your computer has been pwned
• Teh = the
  – Accidents become purposeful
  – This was before spell checkers – hard to do now
• Texting
  – LOL
  – ROFL
  – :) – OMG, PowerPoint translated : and ) to this

Different Culture
• 95% male
• Black T-shirts
• Interesting facial hair
• Body art
• Add alcohol and mix vigorously
• Stickers everywhere
• Lock picking for fun (lock sport)
• Hackers aren’t all Bad – I Hack Charities
• As a 5uit, I’m counter-counter-culture

Pure evil – or is it?
• Wireless diabetes pump exploit
• Exploit released by a pump user
• Wants manufacturer to fix the problem
• This is typical of many of the things released

Bot in a Botnet
• What’s a Bot and what’s a Botnet?
  – Computers that have been taken over
  – Used for distribution of Spam and Malware
  – Used for other nefarious deeds
• Does your Mom care?
• Do you care?

Digital Hygiene
• You can’t Patch Stupid!!!
• Don’t be “Stupid”
• Don’t use Reply All in a Mail Storm!!!

Social Engineering
• Extremely effective
• DEFCON Social Engineering Contest
  – Amazing what people will give away
  – Help desks were overly helpful

Click OK to Continue

Should I proceed?

Should I proceed? I did!!!

Phishing and Spearphishing
• E-mails and targeted e-mails
  – Usually with a link
  – Watch for typo’s and misspelllings
    • V1AGRA
    • [Insert company name here] has been sold!

Classic Phishing – not Nigeria

Phishing maybe???

Phishing from GA – Bot??

Spearphishing

Corporate Response

Another One!

Phishing and Spearphishing
• DEFCON Skybox Demo
  – Trend tracking via Twitter
  – Tracking an individual via Social Media
  – Tiny urls and Bit.ly

GPS and other evil devices
• GPS, iPhones, etc remember everything
• iPhones sync EVERYTHING with their host
• Windows 7 Registry saves things a long time
• Forensics examiner’s dream
• Car thieves “Go Home”
  – You’re not home and now you’re stranded

Supply Chain
• Where was your code written?
• Where was your hardware produced?
• How did it get to you?
• Thumb drives
• Hard drives

X begets Y begets Z…
• Needs beget innovation
• Innovation begets technology
• Policy and strategy follow
  – aren’t necessarily “begotten”
• Lack of policy begets ineffective or non-strategy
• Doctrine is the military word for policy
• Tactics are the refinement of military strategy
• Difference between responsibility and authority
  – DHS has responsibilities
  – DoD has many clearly defined authorities
• National Cyber Policy is challenging
  – AFCEA story

Steganography
• Stuff hidden in pictures
• Stuff hidden in other non-obvious places

Who votes for #1?

Who votes for #2?

Who votes for #3?

Who votes for #4?

Steganography
• Let’s check your votes . . .
#1 Malamute???; not Malware

#2 is Malodorous; not Malware

#3 is Mal-wear; not Malware

#4 is Malicious; not Malware

Steganography
• None of those pictures
  – I don’t think anyway…
• Very hard to detect in a single picture
  – Potential detection if you have both pictures (50 KB vs 450 KB)

Other Scary/Cool Concepts
• Segmented polymorphic malware
  – Bad stuff that changes its looks, delivered in parts
• Metamorphic malware
  – Bad stuff that changes what it does
• Cloud Computing – distributed virtualization
  – Which denomination?
• Hadoop – son’s toy elephant
  – Cloud Security
  – Cloud Forensics
• Zero-day
  – Brand new malware or exploits

Should I click?

Social Networking
• “On the Internet, nobody knows you’re a dog”
  – New Yorker Magazine, 1993
  – Still true today
• Do you really know who your Friends are?
  – Would you cross the street to see them in person?
  – What are you revealing in your posts?

Fake Profile???

Social Networking
• “My Daddy’s dating…”
• Twitter - #cybergamut
  – Spontaneous and quick
  – No filter
  – No retraction after re-tweet

Need this button

Location-based Services
• Facebook Places and Foursquare
• Preparation for Travel
  – Set up light timers
  – Make your home look lived in
• “Check in” at out of state locations
• Photo metadata
• Okay for my Friends to know
• What about Friends of Friends?
  – What about Mafia Wars Friends of Friends?

Facebook Places

Clearly Out of Town

Photo metadata
• Facebook actually removes the location information

User Names and Passwords
• Anonymous and LULZ Sony Attacks
  – 77 million users affected
• Other large data thefts
• User Name and Password combinations
  – How many do you use?
  – Remember the Bots?!?
  – This got my attention!
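The Steganography slides above make the point that hiding is very hard to detect in a single picture but possible when you also have the original (the 50 KB vs 450 KB pair). The following is an added example, not code from the talk or from cybergamut: it uses constructed 8-bit grayscale byte strings and textbook least-significant-bit replacement to show why a one-image statistic is inconclusive while a comparison against the original is decisive.

```python
# Added example, not from the cybergamut slides: why steganography is hard
# to detect in one picture but detectable when the original is also at hand.
# Images are constructed 8-bit grayscale byte strings; the embedding is
# textbook LSB replacement, not any tool named in the talk.

def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Hide message bits in the least-significant bit of successive pixels."""
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover image too small for message")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit  # overwrite only the LSB
    return bytes(stego)

def lsb_balance(pixels: bytes) -> float:
    """Fraction of pixels whose LSB is 1. Clean and stego images both sit
    near 0.5, which is why a single picture is so hard to judge."""
    return sum(p & 1 for p in pixels) / len(pixels)

def compare(original: bytes, suspect: bytes) -> dict:
    """With the original in hand, tampering is a plain byte-level diff.
    A size mismatch (the slide's 50 KB vs 450 KB) is the cheapest tell."""
    changed = [i for i, (a, b) in enumerate(zip(original, suspect)) if a != b]
    return {
        "size_delta": len(suspect) - len(original),
        "changed_pixels": len(changed),
        "first_changed": changed[0] if changed else None,
        "last_changed": changed[-1] if changed else None,
    }

def extract_lsb(suspect: bytes, nbytes: int) -> bytes:
    """Once compare() shows which region was touched, read its LSBs back."""
    bits = [p & 1 for p in suspect[: nbytes * 8]]
    return bytes(
        int("".join(str(b) for b in bits[i : i + 8]), 2)
        for i in range(0, len(bits), 8)
    )

# Constructed cover image: 256 pixels following a deterministic gradient.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))
STEGO = embed_lsb(COVER, b"hi")

if __name__ == "__main__":
    print("cover LSB balance:", lsb_balance(COVER))     # 0.5
    print("stego LSB balance:", lsb_balance(STEGO))     # 0.49609375, inconclusive
    print("diff vs original :", compare(COVER, STEGO))  # 7 pixels changed
    print("recovered        :", extract_lsb(STEGO, 2))  # b'hi'
```

Only 7 of 256 pixels change and the LSB balance barely moves, so a single-image statistic cannot flag the file; the diff against the original pinpoints the touched region immediately.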
What do we do?
• I don’t know…
• I think education helps…

Cyber Increases
• Volume = 123 slides
• Variety = 25 topics
• Velocity = 1 hour = ~29 sec per slide

That’s all we’ve got!