
When Governments Attack


Speech transcript
the better and the town and then a in a new town and
the the here so summary of our
next talk before lunch show us
that folks stick around for a 2nd after Cooper here reduces talked to pseudo wants to say something
So those who attended REcon 2014 will remember that Eva Galperin of the Electronic Frontier Foundation gave a really interesting talk to open the conference, and Cooper is here, somewhat as an extension of that I think, to talk about targeted malware campaigns. Great, thank you very much. Hi, so I'm Cooper Quintin and this talk is called When Governments Attack, and I'm going to talk about some of the targeted malware campaigns that EFF and our clients have received. This is a picture of me. I
am a staff technologist and a security researcher at the Electronic Frontier Foundation. I work on our Privacy Badger project as well as our efforts to stop third-party tracking online. I've given security trainings to activists and journalists, and I've done security research on street-level surveillance devices for EFF. I've also recently begun learning the art and science of reverse engineering and evolving Sephardim them honor to be here we can the last isn't so the most amazing talk succeeded actuellement. This is my colleague Eva Galperin. You probably remember her from 2 years ago. Unfortunately she couldn't be here today, but she was at REcon 2 years ago. She's the international policy analyst at EFF, and she does research on malware and targeted attacks and trains vulnerable populations like journalists, activists and lawyers in surveillance self-defense. She also covers policy that affects security researchers, such as export controls like the Wassenaar Arrangement.
So what is EFF? Who here hasn't heard of EFF? I'm going to pretend that I see a hand, because otherwise I have to skip like 25. So I think the best way to
answer "what is EFF" is this: earlier this year my colleague Jeremy Gillula did some tests that proved that T-Mobile was throttling bandwidth for all video files which were sent over the T-Mobile network if the user had the Binge On service enabled. We asked T-Mobile CEO John Legere about it and he had this lovely response for us. I want to take a minute to address John's questions because I think they're actually important.
So, first question: who the fuck are you anyway? Well I guess it in bodily God's we're profile or website or use Google. Oh well, I suppose I'll have to explain. We're a nonprofit that's been around for 25 years, and our mission is to make sure that when you get online your rights come with you. We're probably most notorious for our legal work, such as the many lawsuits against the NSA for unconstitutional spying which we're involved in. This is something we've been doing since 2006, and we're kind of hipsters: we were doing it before it was cool. We also defend
hackers in court when they get into trouble for doing security research. Ideally we advise them when they have questions about their research so that they don't get into trouble in the first place. I should note here that I'm not a lawyer, and I'm certainly not your lawyer, so nothing in this talk constitutes legal advice. If you have any legal questions, find me after the talk and I'll put you in touch with the people who do that sort of thing.
So the second question: why are we stirring up so much trouble? Well, that's our job. Stirring up so much trouble is literally what we get paid to do. We have an amazing activism team that's
involved in thinking of new ways to stir up trouble. Last year, along with Greenpeace, we flew a blimp over the NSA Utah Data Center to let everybody know the purpose of the mysterious building in the desert. We also work to reform
the draconian Computer Fraud and Abuse Act, which punishes security researchers with extreme sentences for their research. We helped defeat the
SOPA and PIPA bills in the US, which would have censored the internet in the name of protecting copyrights. Generally, if there's legislation out there that's bad for the Internet, we are there to provide analysis and organize opposition.
And we actively oppose the 2013 changes to the Wassenaar Arrangement, which would punish security researchers and classify security tools as weapons, as well as the US proposal for its implementation, which was even broader and more dangerous. This actually came out of discussions that Eva had 2 years ago with security researchers and academics while she was here at REcon, so thank you for that, good job REcon.
Last question: who pays you? Well, we're lucky enough to be paid by our 25 thousand amazing members, who make donations that make up the largest part of our yearly budget. Our members launched a Twitter campaign letting John Legere know the facts and letting him know that they would pick EFF over T-Mobile, and thanks to the
show of support, John quickly backpedaled and admitted that he does know who EFF is and in fact has no problem with us, so good. EFF also works on some
technology projects. This is the logo for Privacy Badger, which is a browser add-on that blocks third-party trackers from spying on your browser and browsing habits. Privacy Badger has over half a million users. We also have, as you've probably heard of, HTTPS Everywhere,
a browser extension which encrypts your connection using HTTPS to websites whenever possible. It currently has more than 2 million active users and also millions more via the Tor Project. We also
recently started a free certificate authority called Let's Encrypt and wrote a client to automatically create SSL certificates, which is called Certbot. So far we've issued 4 million free certificates. So it's less well
known that EFF also does security research, mainly focused on vulnerable populations. We've published research on the ways in which the Vietnamese government is targeting opposition activists and their supporters, as well as research into malware campaigns by pro-Assad hackers in Syria.
My colleague Dave Maass and I researched vulnerabilities in automatic license plate readers after we received a tip that Shodan could be used to find them on the internet. We discovered hundreds of devices all over the US that were open to the internet with no authentication at all. You could use the web interface to view vehicles as they drove by and the scanned license plates. You could even download the information if you wanted to. You could telnet into the devices without a password. If the web interface did have a password, you could view it in plain text over Telnet and reset it or do whatever you want, but many of the passwords were reused across devices or left as the default. So we reported our findings, and that report helped to convince the governor of Louisiana to veto a bill which would have spent millions on more devices for the state. Jeremy Gillula and
I also worked together to analyze the ComputerCOP software. This was software which is being distributed by law enforcement agencies to parents as the first step to protecting their children online. It turned out ComputerCOP was nothing more than spyware which sent data, including keylogger data, unencrypted to a third-party server owned by the company that makes ComputerCOP. We published our findings and also instructions on how to remove ComputerCOP.
So along with that, we, along with some of our clients, have also been targeted by persistent malware campaigns.
So in Vietnam, the Communist government has very tight control over traditional media, so the people who oppose the government often rely on social media and blogs to get their message out. In response, the Vietnamese government started to crack down on bloggers, imprisoning them under inhumane conditions for everything ranging from tax evasion to disseminating anti-state materials. EFF campaigned for the release of several Vietnamese bloggers over the years, including prominent dissidents Dieu Cay and Le Quoc Quan, pictured up here.
Most of this campaigning was done by my colleague Eva, which led to the comical situation in which the Vietnamese sent malware directly to the person at EFF who writes our malware reports. This is a really good way to get samples. The Vietnamese government also targeted another EFF activist who was at the organization for only a few months and was the author of a single blog post related to our campaigns to release Vietnamese bloggers. This led us to the disturbing conclusion that it only takes a single blog post to get on the Vietnamese government's radar. So the campaign targeting EFF
employees looked like this. We have an invitation to the Oxfam conference from Andrew Oxfam. The same malware was also sent to an Associated Press reporter, masquerading as a Human Rights Watch paper sent by an HRW agent. Human Rights Watch is another NGO. So the targeting shows a
really strong understanding of what motivates activists in Internet freedom. See, we really like being invited to conferences in exotic places like Montreal, and reading research papers. The attackers really wanted us to open the documents. They also offered free flights and hotels process brave you were going attract officially. As you can see
from the e-mails, the 2 attachments, that invitation that HCA and location that artist you, are exactly the same. The detection rate for this malware was very low: in VirusTotal we only saw 1 AV vendor out of 47 detecting this when we wrote a report in 2014. In the attack, clicking the link in the e-mail takes the user to a malicious HTML application file. This is a super old attack and it only works on older Windows systems, but it works because so much of the population of Vietnam has older Windows systems, so these attacks don't need to be very sophisticated. The file metadata said uh this in the images of the same obligation. The HTML application contains an encoded executable and also contains a Microsoft Word document called by the body et . doc. When the recipient runs the attachment, it drops the body a dot . and opens the body at our doc file and a randomly named executable. Bobby . doc is displayed and the executable is run. It installs the following files. Several registry changes are made to enable the malicious implant to persist after reboot, and the file api-ms-win-core-xstate is written into the process space of explorer.exe, which then instantiates an outbound connection on port 443 to Yelp . web popped out I. When we wrote our report, these were the other domains that were hosted on the same server is then used as a kid. We found that it was used as a command and control server for other Vietnamese-affiliated malware, and examining the malware revealed a relationship to earlier campaigns which targeted Vietnamese activists. In February of 2013, a Vietnamese blogger and mathematics professor received this e-mail. Like the malware that targeted EFF and the Associated Press, the attachment was an HTML application. In this case the attachment was compressed with 7-Zip, and you can see the metadata here as well.
As with the EFF and AP attacks, the HTML application contains an encoded executable and a document doubtful e . doc. Running the same file displays the document and once again drops a bunch of
files. Values are inserted in the Windows registry for persistence, and the implant contacts a remote command and control domain, again on port 443. A prominent Vietnamese pro-democracy blogger living in California was successfully targeted by this attack, which led to the compromise of the blog and invasion of private life.
So the group behind these attacks appears to have been operating since 2009. They've been very active in targeting Vietnamese dissidents, people writing on Vietnam, and the Vietnamese diaspora. The attack appears to be the work of a group commonly known as and mispronounced this since the. While it's been anecdotally claimed to be the work of Chinese actors, we think that it seems much more likely to be the work of somebody associated with the Vietnamese government who's targeting Vietnamese people.
In another incident, my colleague Jillian York was woken early in the morning by a phone call from a number in the UK. The man calling her said he was a journalist with Reuters, and he began with small talk which indicated that he was familiar with her work. The connection wasn't good, and the caller hung up and immediately called back. He said there was something he wanted to discuss and verified that he had the correct e-mail address for
Immediately after the phone call, Jillian received an e-mail masquerading as sent from the Reuters news agency's tech department and asking for an interview. The spoofed e-mail contained some errors, including the misspelling read we you choose the. Clicking on the link in the e-mail would take you to this phishing URL, which is disguised with a Google redirect. Luckily Jillian is smart and she recognizes a phishing attack when she sees one. Since she didn't click the link, the attacker got impatient and called her back, insisting that she open the document. At this point, aware of what was going on, Jillian decided to have a little fun with the attacker and requested that he include the text of the message in the body of his e-mail, knowing of course that he wouldn't. The attacker sent the same e-mail again, this time from a different e-mail address. He even called Jillian, continuing to insist that she open the document, saying it was from his personal e-mail address so it must be OK. Jillian of course refused. The attacker then called 30 more times that day, which didn't do anything to increase his credibility. The angry ex-boyfriend approach: the attack wasn't successful. So Citizen
Lab researchers John Scott-Railton and Katie Kleemola researched and reported on these attacks, which in addition to Jillian had targeted Iranian activists. Due to the nature of the targets and other indicators, the researchers concluded that these attacks were likely of Iranian origin. We think that Jillian was targeted because of her work with Iranian activists. Meanwhile,
in Ethiopia we saw a political situation unfolding that was very similar to Vietnam: an increasingly repressive government exercising control over all local media, independent media relying heavily on social media and blogs to get the message out, and a crackdown on bloggers. Probably the best known Ethiopian dissidents are the Zone 9 bloggers, who have recently been released and acquitted after years of physical threats, intimidation and legal battles. The Zone 9 blog gets its name from Kality prison outside of Addis Ababa, which is divided into zones, with journalists and political prisoners being held in zone 8. The bloggers have been vocal in their critique of government policy and practice, especially the growing role of government surveillance and ever worsening crackdowns on independent media and on free expression. For years they fought a protracted legal battle in which the government charged them with working with foreign organizations that claim to be human rights activists, and agreeing in idea and receiving finance to incite public violence through social media. That was the charge; that's a mouthful. The Ethiopian government has
the power to intimidate and imprison bloggers, dissidents and journalists within its own borders, but it's harder for them to reach influential dissidents who are part of Ethiopia's diaspora community outside of the country. For this capability the Ethiopian government turned to RATs. Significantly, the Ethiopian government is one of the few governments that can boast of having purchased both FinFisher and Hacking Team implants. This is sort of a belt and suspenders approach to government spying, and neither one of them worked out very well in the end. This report by Citizen Lab includes an
analysis of the FinSpy campaign in Ethiopia that used pictures of the opposition group Ginbot 7 as bait to infect users in a spear phishing campaign. One of the victims of this campaign was an activist living in Washington DC who goes by the pseudonym Kidane. So EFF represented
Kidane in a lawsuit against the Ethiopian government. With the help of researcher Bill Marczak, we were able to demonstrate that the Ethiopian government had used FinSpy to spy on Mr. Kidane's Skype calls and Google searches. Since they did so without a warrant, we argue that the Ethiopian government illegally wiretapped and invaded the privacy of our client, a US citizen on US soil. If you're going to spy on Americans on American soil, we think you should have to follow US law. The federal court recently dismissed the case, unfortunately, and we're currently drafting our appeal. And then
there was Pawn Storm, also known as the dancing bears.
So we used to own the electronicfrontierfoundation.org domain, but we apparently let it expire a few years ago and it fell into the hands of domain squatters. In August 2015 we got a call from some friends on the Google security team letting us know that they had observed electronicfrontierfoundation.org being used as part of a targeted malware campaign. We began looking into it and we noticed a large number of similarities to the Pawn Storm attack campaign, which was going on around that same time. Trend Micro had done a report on the Pawn Storm campaign a month before, and indeed they described how a spear phishing campaign was directing users to a Java exploit which then downloaded and executed a dropper for the Sednit malware. Trend Micro rolled the attribution
dice and links the Pawn Storm campaign to dancing bear, APT28, citing the fact that they're using the same custom malware and have similar targets. In a 2014 paper, FireEye tied APT28 with the Russian government based on technical evidence, technical sophistication and the target set. You already heard all about dancing bear or APT28 from the excellent talk on Friday by Joan, Jessy and Thomas from ESET, so I'm not going to get into detail about them here. Those guys did way more research than I have and it was a fantastic talk. So is this fake domain really APT28? Let's go through the evidence. We have electronicfrontierfoundation.org, which is an excellent domain for spear phishing, so we can check that off. We have a Java exploit which is the same as the one reported to be used by Pawn Storm, so we can check that off. We have a dropper which is named cormac.mcr; this is the same name that was observed to be used in the Pawn Storm campaign. Unfortunately we weren't able to recover a copy of the dropped file, though we did find a sample later. Despite that, drawing from these conclusions, it seems likely that the organization behind the fake EFF phishing attack is the same one as Pawn Storm and therefore also has ties to the Russian government. The attacks targeted Russian dissidents and journalists, US defense contractors, NATO forces and White House staff. We don't know who the targets were for this particular attack, but it doesn't appear that it was anyone on the EFF staff. So let's talk about the exploits, because this is REcon. There were 2 Java exploits at work here, both of which were 0-day when the Pawn Storm attacks began. The first disabled the click-to-play protections that Java has in place, allowing for an unsigned Java applet to run automatically in the browser as soon as you click the link. The second was an object serialization vulnerability which allowed the attacker to modify an attribute on unrelated objects. In this case the attacker
used it to turn off the Java security manager, which then allowed them to download and execute the binary file. The Trend Micro team already did quite a bit of research on the Java exploits, and I'm going to briefly explain them here. The click-to-play bypass takes advantage of the Java Network Launch Protocol, or JNLP. JNLP lets applications launched on the desktop use resources hosted on a remote web server. It can be used to inline a base64-encoded Java applet in a webpage to speed up launch time, which you can see up here. Normally this would get some metadata from the init.jnlp file and then launch the applet encoded
in the jnlp_embedded parameter with click-to-play protection. But that's not what
happens in this case. Java provides a directory service that allows Java clients to discover and look up objects by name. It's called Java Naming and Directory Interface, or JNDI. For this exploit the attacker crafts a standard init.jnlp file with one important change. The file contains metadata about the applet and can also contain a progress-class attribute, which should contain an implementation of the DownloadServiceListener interface. This is a Java interface to display a loading bar for the applet. Instead, in this case it contains the class javax.naming.InitialContext, which starts a JNDI request for an object of the attacker's choosing. The Java runtime should have ensured that progress-class was an instance of DownloadServiceListener, but they didn't, and that's what allows for this exploit. javax.naming.InitialContext gets a JNDI file from the malicious server, which then uses JNDI to request and run an arbitrary class of the attacker's choosing without any click-to-play protections. In this case the attacker was the go classes from malicious good our class is then
used to launch Apr . class, which is seen above. This brings us to the second Java exploit, which is the vulnerability in object serialization. The vulnerability allows an attacker to craft a serialized object which, when deserialized, contains as one of its attributes the private attribute of another object outside of the serialized object. And this is the crafted serialized object don't bother federated after the objects the
serialized, this is what it looks like in memory. We have an AtomicReferenceArray object which contains an array of Help objects, which is another class that was defined by the. Here's the code that
implements the exploit. In step 1 we deserialize a crafted object which sets up the AtomicReferenceArray you saw earlier. Deserializing the object sets off a chain of events in 2 and 3 which lets us trick the Java interpreter into typecasting ClassLoader objects into Help objects, allowing the attacker to call the protected method ClassLoader.defineClass. Calling defineClass lets us define the System security manager object, thus disabling it, allowing the code to download and execute the stage 2 dropper. It's worth noting here that the Java code contained facilities to download code for Windows and for Unix-like systems, though we were unfortunately not able to find any examples of these payloads, although maybe the ESET guys have some. It's also worth noting that the decompiled Apr . class contained a lot of debugging strings. This suggests that the attackers were in a hurry to deploy this code or were sloppy. You can see there's some System.out.println lines, and not enough time to remove the debugging strings. So the stage 2 dropper is called
cormac.mcr, and it's given a randomly chosen name once on the system, and it's a dropper for the Sednit malware. The
dropper checks if a debugger is present, then decodes its data using RC4, writes registry keys, attempts a local privilege escalation exploit, and then drops and starts the
Sednit. In this case it's called api-ms-win-downlevel-profile. It registers 5 exports, out of which only 2 contain anything of interest. But I'm not going to get into
detail on Sednit, because it's been used in other Pawn Storm campaigns and there's already plenty of research, including the excellent talk on Friday. But cormac.mcr is new for the Pawn Storm group, so we decided it'd be worth taking a closer look at that. So during the
analysis we started to find some interesting strings, as you can see: so maybe like the command line you I had exploi 8 fault forged through AI linked to so elevated ideal world and AI user agent for Mozilla, also the hex string the beef, kind of suspicious. And we also
found this. What the hell is this? It's one single string in the binary. It looks like maybe a concatenation of a bunch of HTML character entities, and I know what's going on here when. So
these are some interesting strings, and we figured that if we could learn more about where they come from, this would probably give us some good insights into the dropper and what all it's doing, and maybe even some links back to other campaigns. So I fired up the most powerful reverse-engineering tool of all, Google, and I searched for the strings, and it turns out I got some pretty interesting results.
So about a year ago the notorious mercenary hacking group Hacking Team had their servers completely owned. The hacker Phineas Fisher dumped out 400 gigabytes of documents, e-mails, source code, exploits and binaries. One of the binaries contained many of the same interesting strings from the dropper. The binary is calculated that
EXE, which appears to be a proof of concept for a local privilege escalation exploit for Windows. Here you can see a hex dump
of the data section of calculated ID exceeding and cormac.mcr, and note that they both contain that string elected beef followed by the URL for elevated ideal l, and then a series of null bytes, and then they get to what appears to be a bunch of DLL import strings. The 2 sections of the binaries are identical.
But here's the source file, which was also in the Hacking Team dump, come loaded at sea, and as you can see it contains the string . elevator as well as many of the same other strings that we saw in the binary. It also contains some assembly code which loads the privilege escalation exploit that I mentioned earlier.
So there's an interesting timeline here. The Hacking Team leaks happened on June 6 around 1:30 AM UTC plus 1. The earliest sample of cormac.mcr that I was able to find online has a compilation timestamp of June 7th at 13:42 UTC plus 1. This is just 36 hours later. There are no other samples on the Internet containing any of these libraries until one is compiled on June 29th. So
what does this mean? Why were these guys so fast? How did they recompile, how did they get this in 36 hours? It seems pretty significant. I have 2 theories about this.
Theory one: dancing bears sees the Hacking Team leaks on Monday morning when they get into work. They download the torrent, they look through the source code, they find the privilege escalation exploit source, they decide it's interesting, they get it compiling, they integrate it into the new dropper, they test it, and they pull the trigger on the operation 36 hours later. There are some holes in this theory. One, that's a shitload of work. And why would a team that is professional and presumably testing their exploits include brand new untested code leaked on the Internet in an operation which is about to go live? I'm not sure it makes a whole lot of sense given what we know about them. Another theory is that perhaps they already had access to this particular Hacking Team source code and were in the process of integrating it into the dropper. Theoretically Pawn Storm, after the Hacking Team leaks, realizes signatures would soon end up in antivirus and decides to expedite the operation within 36 hours. It makes about as much sense as the last theory, but we have to ask ourselves how they got the source code in the first place. They could have bought it from Hacking Team, but that doesn't seem like Hacking Team's business model, and it's also not a very good one. They could have also owned Hacking Team previous to the leaks and already had access to the source code that way. So none of these theories are great, and I have zero proof for either one of them. So in my opinion it's worth researching further to discover if the Pawn Storm malware campaign has any other links to Hacking Team from before the leaks, or how they've been using it since the attack. I think it's also interesting and worthwhile to research how the Hacking Team malware has spread and been used since the leaks happened. And I want to mention here what a boon the Hacking Team leaks were for researchers who are investigating Hacking Team malware. The threat hunting reports and attribution that were made possible by the leaking of this information there is a lot harder
attribution which just wouldn't have been possible otherwise. In my opinion this illustrates just how useful leaks can be for reverse engineers and malware researchers, not just for investigative journalists. So thanks to the leaks, in addition to the research that Trend Micro had done and the fact that it targeted us, we were able to draw some interesting connections and attributions that we would have otherwise been able to.
So what lessons can we take away from the attacks that I demonstrated here today? One lesson is that the attacks don't need to be sophisticated to work. Most of these attacks were pretty bog-standard spear phishing attacks against humans. People click malicious links and open malicious documents. Governments are rarely using 0-days in this situation, and it seems like governments mostly save their 0-days for other governments. Sometimes they're not even using particularly sophisticated RATs; that stuff costs money. Having said that attacks don't need to be sophisticated to work, the targeting that we see often is very sophisticated. Attackers know what interests the targets: human rights reports, news relevant to their work, and free trips to conferences. So 2 years
ago my colleague Eva Galperin embarked on a campaign to get security professionals more involved in this particular kind of security research, which we felt was typically overlooked because it's often not technically sophisticated. We discovered that there were a lot of reversers who were interested in helping, but integrating them into our workflow proved to be quite difficult. Our
work in the area has a lot of aspects. Some of the things we do are community relations and trust building. Eva has traveled all over the world, and others of my colleagues work directly with vulnerable populations on the ground. This helps us to build the kind of trust relationship that you need in order to convince an activist being spied on by her government to give you full access to her devices with potentially sensitive information. We also do the incident response and malware analysis and write reports about the malware that we find. We work to educate vulnerable populations about the specific threats that they face, through in-person trainings as well as through our Internet privacy and security guide, Surveillance Self-Defense. Sometimes the work that we do has implications for policy or for law enforcement, in which case we write policy papers or we do activism around these issues, such as our work opposing the changes to the Wassenaar Arrangement. We also work to convince companies to change their practices or policies in ways that help protect users, especially vulnerable populations like activists and journalists. And last of all we follow up. Sometimes that means alerting a company that one of their machines has been compromised the new style as to seem to 0. Sometimes that means sitting down with the victim and getting their laptop back into a state where they can use it for their everyday work, and, you know, holding their hand and telling them that everything's gonna be OK. As it turns out, the security research community is mostly interested in doing the actual malware analysis, because that's the fun part, and that's what they're prepared to give their time to, but they want to be presented with a finite task that they can finish in a couple of hours, because, you know, you have other work to do. Only a small portion of the work that we do fits this description, which made collaboration tricky. We made a lot of great contacts, but few of them ended
up being regular contributors to our research, because it mostly wasn't the type or scope of work that they were prepared to commit to. So what do we do now he was
Russian that's the fixation on on the AV industry is in a unique position to see many types of attacks, but we would like them to issue the kinds of warnings to people they think are being targeted by nation states that Google and where you it also be for these warnings to actually be useful. The with Twitter started sending out warnings to its users but telling them that they thought the they might be targeted before a nation-state attack. They advise users to use Tor included link to EFS guide to the safety of social networks, neither 1 of which would actually protect you from state-sponsored attack. Google advises victims to change their passwords and turn on two-factor authentication, which might actually help mitigate attacks. So what can you do? Begin organization that you care about an offer them your services. There are a bunch of gray organizations in the world: Amnesty International, Human Rights Watch, Freedom of Press Foundation, Fight for the Future, etc. etc. End most of them I have small to no technical budget and 0 security. But when you have these organizations, realize you're not could be hailed as a magical rock-star unicorn, which all of us are used to being treated like. In fact they might not even understand what the hell is that you do: what is this reverse-engineering nonsense? But if it's a college you care about, it's more likely that you want to engage in the hand holding and the trust building that it takes to get vulnerable populations to a point where you can start helping them with their security problems. The all you recon are similar most talented reverses now our analysts and hackers in the world at shaking his head Eddie affair for still new to this game and are time and monetary budgets are relatively small. With your skills and with your resources, imagine all the amazing work you could do to protect vulnerable populations such as journalists, activists and human rights lawyers all around the world. So I urge you to go for forth and do that. but inclusions
and thanks to my fellow researchers Morgan Margie bar postmodern Claudio Bill Trend Micro and all of my colleagues at the FSF were the most amazing people I've ever gotten to work with of also huge things to hex rabies virus total that's soldiers budgetary using box for donating their software to us which we can afford otherwise takes the recon staff and a final huge thanks to Eva who I couldn't have done this stop without and who was said she couldn't be here today method you much
so there I think we have some the I that part of it what excellent questions so as you go as if you don't have time to help us directly what can you do to help on and I think some good things to get ways self are if you we have samples of that's hurting people like activists or human rights lawyers please send them away I got a another important thing you can do to help this of course donate because we are a non-profit and ah donations make up most of our budget we don't ever wanna be beholden to the government or corporate money because we wanna keep fighting all of those guys that How can you donate today I feel like you're living somewhere the at so so come on up come on thank you so sorry I don't have any voice anymore since all the parties prior to this so 1 of the questions that people have asked me during the weekend is like I 1 more slide have friends that 1 it they couldn't make it can I buy swagger the thing is we don't sell Schweik volatility would also died back and that this was going to go up in a special way we're going to do work fat and function for it is so wonderful board uh it's version 1 . 
0 is the natural Ottersten but this all do products didactic I got that the market I can you give a bit of a description of what this can do the the the the it's probably best described as a bust pirate it's but we have an encore and no and FPGA to hardware Hacking and relations so this is what the last song that would produce for recurrent doesn't so it's going to go for a set of options uh if you on others like in we have swept from the past year C that there's a donation box you need to give a donation don't be cheap but if you ask what you want to the added in new size or Web like colds and stuff like we have a bunch of slides are like that identities so you put money in box n you get this like this is again like is going to be of a sheet of paper and you put your name on the amount but he you'll need to put your name anything that we can then we can authenticate born during the closing ceremony the 0 but your privately if you want to go i which ca and the except all of them can I put my credit card in the yeah definitely credit card numbers do I need to put the number as well yeah know it's super were never been number I also view donated by big point we should ask me pro a can I put like his goal that going about and find any that no physical bitcoins definitely there go right you have there also and by the way if the goal but we gotta going yet I'm sure you can find some of the liquid and the busy but far from here on it's a lot of money in your pocket then you have pass it but you don't want to put the wilting and it there's a bank over there you know 0 we don't accept those going what's wrong with that is going the I love means but we have no way to turn those going and these are just a guy here the can tactoid again but yeah I don't know it's efforts to extend we go work a standard in any other questions there questions looks like no OK thank you very much

Metadata

Formal metadata

Title When Governments Attack
Series title REcon 2016
Part 17
Number of parts 20
Author Quintin, Cooper
Galperin, Eva
License CC Attribution 4.0 International:
You may use and modify the work or its content for any legal purpose, and reproduce, distribute and make it publicly available in unchanged or modified form, provided that you credit the author/rights holder in the manner they have specified.
DOI 10.5446/32750
Publisher REcon
Year of publication 2016
Language English

Content metadata

Subject area Computer science
Abstract Targeted malware campaigns against Activists, Lawyers and journalists are becoming extremely commonplace. These attacks range in sophistication from simple spear-phishing campaigns using off the shelf malware, to APT-level attacks employing exploits, large budgets, and increasingly sophisticated techniques. Activists, lawyers and journalists are, for the most part, completely unprepared to deal with cyber-attacks; most of them don’t even have a single security professional on staff. In this session Eva Galperin and Cooper Quintin of the Electronic Frontier Foundation will discuss the technical and operational details of malware campaigns against activists, journalists, and lawyers around the world, including EFF. They will also present brand new research about a threat actor targeting lawyers and activists in Europe and the Post-Soviet States. With targeted malware campaigns, governments have a powerful tool to suppress and silence dissent. As security professionals we are in a unique position to help in this fight.
