1 / 48

Arjen Kamphuis arjen@gendo.ch

Infosec & counter-surveillance If you don't need this you lack ambition. Arjen Kamphuis arjen@gendo.ch. House rules. Please switch dogs, robots and other phones to mute NOW This presentation is Creative Commons licensed. Share and use! Ask difficult questions.

ceri
Download Presentation

Arjen Kamphuis arjen@gendo.ch

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Infosec & counter-surveillance If you don't need this you lack ambition Arjen Kamphuis arjen@gendo.ch

  2. House rules • Please switch dogs, robots and other phones to mute NOW • This presentation is Creative Commons licensed. Share and use! • Ask difficult questions http://creativecommons.org/licenses/by-nc-sa/3.0/nl/

  3. Have you been using: e-mail video or voice chat videos photos stored data VoIP calls file transfers video conferencing …from any of… Microsoft / Hotmail, since Sep 11, 2007 Google, since Jan 14, 2009 Yahoo, since Mar 12, 2008 Facebook, since June 3, 2009 PalTalk, since Dec 7, 2009 YouTube, since Sep 24, 2010 Skype, since Feb 6, 2011 AOL, since Mar 31, 2011 Apple, since Oct 2012 than you are in the NSA database Have you been using: e-mail video or voice chat videos photos stored data VoIP calls file transfers video conferencing …from any of… Microsoft / Hotmail, since Sep 11, 2007 Google, since Jan 14, 2009 Yahoo, since Mar 12, 2008 Facebook, since June 3, 2009 PalTalk, since Dec 7, 2009 YouTube, since Sep 24, 2010 Skype, since Feb 6, 2011 AOL, since Mar 31, 2011 Apple, since Oct 2012 than you are in the NSA database

  4. Government policy today • EU & Euro nations have known about Echelon since 2000 • Euro nations have known about effective counter-measures since at least July 2001 • Despite formal repeated requests from parliaments none of these measures have been implemented • Government is, at best, completely incompetent, at worst your enemy

  5. We fight back?

  6. NSA budget: $78 billion (about $0,10 per westener per day) Increase the cost of monitoring you from $0,10 per day to $100.000+ per day

  7. .com .org .net .ch .nl .de

  8. Infosec policies C • Confidentiality, who can acces the data? • Integrity, is the data unaltered? • Availability, is the data available? • Do the rules apply to everyone the same way? I A

  9. 'security' confidentiality, integrity & availablilty technology behaviour

  10. Re-action De-tection Pro-tection

  11. What is sourcecode? Hello World! ^ELF^A^A^A^@^@^@^@^@^@^@^@^@^B^@^C^@^A^@^@^@À<82>^4^@^@^@<9C>^G^@^@^@^@^@^@4^@^@^G^@(^@^Y^@^X^@^F^@^@^@4^@^@^@4<80>^4<80>^à^@^@^@à^@^@^@^E^@^@^@^D^@^@^@^C^@^@^@^T^A^@^@^T<81>^^T<81>^^S^@^@^@^S^@^@^@^D^@^@^@^A^@^@^@^A^@^@^@^@^@^@^@^@<80>^^@<80>^Ò^D^@^@Ò^D^@^@^E^@^@^@^@^P^@^@^A^@^@^@Ô^D^@^@Ô<94>^Ô<94>^^D^A^@^^A^@^@^F^@^@^@^@^P^@^@^B^@^@^@ä^D^@^@ä<94>^ä<94>^È^@^@^@È^@^@^@^F^@^@^@^D^@^@^@^D^@^@^@( ^A^@^@(<81>^(<81>^^@^@^@^@^@^@^D^@^@^@^D^@^@^@Qåtd^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^F^@^@^@^D^@^@^@/lib/ldinux.so.2^@^@^D^@^@^@^P^@^@^@^A^@^@^@GNU^@^@^@^@^@^B^@^@^@^B^@^@^@^@^@^@^@^C^@^@^@^F^@^@^@^E^@^@^@^A^@^@^@^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^B^@^@^@^@^@^@^@^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@D^@^@^@^@^@^@^@ú^@^@^@^R^@^@^@.^@^@^@^@^@^@^@9^@^@^@^R^@^@^@5^@^@^@À<84>^^D^@^@^@^Q^@^N^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@_Jv_RegisterClasses^@__gmon_start__^@libc.^@_IO_stdin_used^@__libc_start_main^@GLIBC_2.0^@^@^@^B^@^B^@^A^@^@^@^@^@^A^@^A^@$^@^@^@^P^@^@^@^@^@^@^@^Pii^M^@^@^B^@V^@^@^@^@^@^@^@Ô<95>^^F^E^@^@Ì<95>^^G^A^@^@Ð<95>^^G^B^@^@U<89>å<83>èa^@^@^@èÈ^@^@^@èã^A^@^@ÉÃ^@ÿ5Ä<95>^ÿ%È<95>^^@^@^%Ì<95>^h^@^@^@^@éàÿÿÿÐ<95>^^@^@^@éÐÿÿÿ1í^<89>á<83>äðPTRh^P<84>^h°<83>^QVh<84><83>^è¿ÿÿÿô<90><90>U<89>åSè^@^@^@^@[<81>ÃÓ^R^@^@P<8B><83>^T^@^@^@<85>Àt^BÿÐ<8B>]üÉÃ<90><90><90><90><90><90><90><90><90><90>U<89>å<83><80>=Ø<95>^^@u¡Ü<94>^<8B>^P<85>ÒtESC<8D>¶^@^@^@^@<83>À^D£Ü<94>^ÿÒ¡Ü<94>^<8B>^P<85>ÒuëÆ^EØ<95>^^AÉÃ<89>öU<89>å<83>¡¼<95>^<85>Àt!¸^@^@^@^@<85>Àt^XÇ^D$¼<95>^è<8C>÷<8D>¶^@^@^@^@<8D>¿^@^@^@^@<89>ì]ÃU<89>å<83><83>äð¸^@^@^@^@)ÄÇ^D$Ä<84>^è^PÿÿÿÉÃ<90><90><90><90><90><90><90><90><90><90><90><90><90><90>U<89>åWV1öS<83>ì^Lè ^@^@^@<81>Ã^@^R^@^@è­þÿÿ<8D><93>^Tÿÿÿ<8D><83>^Tÿÿÿ)ÂÁú^B9Ös^\<89>×<8D>´ compiler • programming language versus • machine language int main () { printf (“Hello World!\n”); }

  12. usedifferent browsers!

  13. What is protected? protects the content & integrity of your communications protects your (IP) location and (sometimes) identity OTR protects the content of your communications

  14. Arjen Kamphuis arjen@gendo.ch gendo.ch/en/blog/arjen @arjenkamphuis email blog twitter tcij.org - The Centre for Investigative Journalism 55FB B3B7 949D ABF5 F31B BA1D 237D 4C50 118A 0EC2 PGP fingerprint

More Related