
I Want To Be A Ninja Stealth Cyberterrorist






Presentation Transcript


  1. I Want To Be A Ninja Stealth Cyberterrorist Simple Nomad CanSecWest 2002

  2. About Me/This Talk: NMRC, BindView, Skills Needed

  3. Why This Topic? How would terrorists do this if they had "skillz"? How would we non-terrorists use this if suddenly accused of terrorism? How you can prevent at least some of this traffic.

  4. What the Media Says http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm “Terror groups hide behind Web” by Jack Kelley, USA TODAY, 2/5/2001. WASHINGTON - Hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies. It sounds farfetched, but U.S. officials and experts say it's the latest method of communication being used by Osama bin Laden and his associates to outfox law enforcement.

  5. What the Media Says http://www.wired.com/news/print/0,1294,41861,00.html “Secret Messages Come in .Wavs” by Declan McCullagh. Gary Gordon, vice president of cyber-forensics technology at WetStone Technologies, based in Freeville, New York, said that his firm has made progress in creating a tool to detect steganography. "The goal is to develop a blind steganography detection prototype," Gordon said. "What we've done is gone out, using Web spiders, and downloaded pictures from the Web and run the tool against them." Steganography, Gordon said, primarily turns up on hacker sites. But he and his associates also found instances of steganography on heavily traveled commercial sites such as Amazon and eBay.

  6. Sobering Facts http://www.citi.umich.edu/u/provos/stego/usenet.php From “Scanning USENET for Steganography” by Niels Provos and Peter Honeyman: Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS. However, we have not found a single hidden message.

  7. Sobering Facts Digital watermarking generates false positives. Encrypted material inside images would be encrypted.
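The two "sobering facts" above (statistical detectors produce false positives, and a payload that is encrypted looks like random bits) can be seen in a small detector. The block below is an added example written for this page; it is not stegdetect's code and not Provos and Honeyman's. It implements the pairs-of-values chi-square test described by Westfeld and Pfitzmann for sequential LSB embedding, on constructed 8-bit sample data that stands in for the pixel values of an image. The cover histogram, the random-LSB simulation, the noise sample and the decision threshold of 2.0 are all constructed for the example. Replacing every least significant bit with a coin flip reproduces the statistical effect of embedding an encrypted payload without carrying any message; a sample of pure random bytes, like a heavily dithered or noise-watermarked image, is flagged just the same, which is the false-positive case slide 7 refers to.

```python
"""Pairs-of-values chi-square test for LSB steganography (added example).

All input data here is constructed; the test itself follows Westfeld and
Pfitzmann's pairs-of-values idea, not any particular tool's implementation.
"""
import random
from collections import Counter


def pov_chi_square(samples):
    """Return (statistic, degrees_of_freedom) for the pairs-of-values test.

    LSB embedding of a random-looking (e.g. encrypted) payload only ever swaps
    a value with its partner in the pair (2k, 2k+1), so after a full embedding
    the two members of each pair occur about equally often.  Under that
    hypothesis the sum below behaves like a chi-square variable with one
    degree of freedom per populated pair, i.e. statistic / df is close to 1.
    Natural images usually have unequal pair members and a much larger ratio.
    """
    counts = Counter(samples)
    statistic = 0.0
    df = 0
    for k in range(128):
        even = counts.get(2 * k, 0)
        odd = counts.get(2 * k + 1, 0)
        expected = (even + odd) / 2.0
        if expected == 0:
            continue  # unused pair contributes nothing
        statistic += (even - expected) ** 2 / expected
        statistic += (odd - expected) ** 2 / expected
        df += 1
    return statistic, df


def flat_lsb_ratio(samples):
    """statistic / df; about 1.0 means the LSB plane is statistically flat."""
    statistic, df = pov_chi_square(samples)
    return statistic / df if df else float("inf")


def looks_embedded(samples, threshold=2.0):
    """Decision rule chosen for this example (the threshold is ours, not a
    published one): a flat LSB plane is reported as suspicious."""
    return flat_lsb_ratio(samples) < threshold


def constructed_cover():
    """Constructed stand-in for a natural image: a smooth, rising histogram
    whose even values are consistently more common than their odd partners."""
    samples = []
    for k in range(128):
        samples.extend([2 * k] * (300 + 2 * k))
        samples.extend([2 * k + 1] * (200 + 2 * k))
    return samples


def randomize_lsbs(samples, seed=1):
    """Simulate a full sequential LSB embedding of an encrypted payload: every
    value's least significant bit is replaced with a coin flip.  This is a
    simulation of the statistical effect only; no message is carried."""
    rng = random.Random(seed)
    return [(v & ~1) | rng.getrandbits(1) for v in samples]


def constructed_noise(n=96512, seed=2):
    """Constructed uniformly random bytes, e.g. a heavily dithered or
    noise-watermarked image: a flat LSB plane with no hidden message, which
    is exactly the false-positive case."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


if __name__ == "__main__":
    cover = constructed_cover()
    cases = [("cover", cover),
             ("cover + LSB embedding", randomize_lsbs(cover)),
             ("random noise (no message)", constructed_noise())]
    for name, data in cases:
        print(f"{name:28s} ratio={flat_lsb_ratio(data):6.2f} "
              f"flagged={looks_embedded(data)}")
```

The constructed cover scores well above the threshold, the same cover after LSB randomization scores near 1, and the random-noise sample also scores near 1 and is flagged even though nothing is hidden in it. That is why a scan that turns up thousands of "suspicious" images says little on its own, and why, if the payload is encrypted, a positive still leaves the finder with ciphertext.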

  8. The Problem: Packeteering Satan's Network (Programming Satan's Computer - Ross Anderson and Roger Needham 1995)

  9. Types of Monitoring Invasive - Monitoring nodes are obvious. Traffic speed impacted. Usually easy to avoid.

  10. Types of Monitoring Non-invasive - Monitoring nodes are obvious. Little to no traffic impact. Usually easy to avoid.

  11. Types of Monitoring Stealth - Monitoring nodes are not obvious. No traffic impact. Hard to avoid.

  12. Types of Communication Point to point - Sender/Receiver known. Plaintext or encrypted messages. Example: Email. Advantages/Disadvantages: Little skills required, but sender/receiver known. If encrypted, message is hidden. Communication obvious.

  13. Types of Communication Point to point - Sender/Receiver known. Plaintext or encrypted messages. Example: USENET. Advantages/Disadvantages: Little skills required, sender known. If encrypted, message is hidden. Communication obvious unless obscured.

  14. Types of Communication Anonymous sender – Receiver known. Example: Remailer. Advantages/Disadvantages: Little skills required, receiver known. If encrypted, message is hidden. Communication usually obvious.

  15. Types of Communication Traffic pattern masking – Sender and receiver not known. Example: Loki. Advantages/Disadvantages: Fairly advanced skills required. Potentially sender and/or receiver known if traffic discovered. Usually simple obfuscation as far as covert channel goes.

  16. To Avoid Stealth Monitoring, Stealth Communications Are Needed Stealth Communications - Sender/receiver unknown. Message encrypted. Communication not obvious, difficult to discern from regular traffic.

  17. What Can Satan Sniff? "Anonymous Re-mailers as Risk-Free International Infoterrorists" presented by Paul Strassmann, National Defense University and William Marlow, Science Applications International Corporation. Presented at the "Information, National Policies, and International Infrastructure" conference at Harvard Law School, Cambridge, Massachusetts, January 30, 1996. During the question and answer session, an interesting discussion ensued. Here is a quote from conference attendee Viktor Mayer-Schoenberger: "Both presenters explicitly acknowledged that a number of anonymous remailers in the US are run by government agencies scanning traffic. Marlow said that the government runs at least a dozen remailers and that the most popular remailers in France and Germany are run by the respective government agencies in these countries. In addition they mentioned that the NSA has successfully developed systems to break encrypted messages below 1000 bit of key length and strongly suggested to use at least 1024 bit keys. They said that they themselves use 1024 bit keys." http://www.strassmann.com/pubs/anon-remail.html http://ksgwww.harvard.edu/iip/GIIconf/gii2age.html http://catless.ncl.ac.uk/Risks/17.87.html#subj6

  18. What Can Satan Sniff? From private email with a former spook: "Disclosing the method of attacking PGP would involve disclosing classified cryptographic analysis methods (I was taught by the government), and such a disclosure to uncleared persons would be seriously illegal (in wartime such a disclosure carries the death penalty). Seriously though, I would love to lay out the holes in several crypto systems, and would love to disclose the methods for breaking PGP, DES, and a number of other civilian crypto system I have studied (in multiple NSA crypto schools); but will not disclose information and/or methods I know to be classified." and "The fact that various world governments can perform a PGP decrypt is old news, and not classified, however; the exact method used for the decrypt is what is classified."

  19. What Can Satan Sniff? Other informal sources

  20. Digital Drop Box

  21. Steganography

  22. Covert Channels

  23. Scenario #1 Stealth Digital Drop Box using Holepunch

  24. Scenario #2 Broadcast Communications using Porn

  25. Scenario #3 Stealth Traffic Pattern Masking using Masquerade

  26. Fin. Questions? All questions must be in the form of an answer. See you in Las Vegas at Black Hat and Defcon. Graphics from DeadDreamer.Com
