
Helping the Helpless

Video in TIB AV-Portal: Helping the Helpless

Formal Metadata

Helping the Helpless
Targeted threats to civil society
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Subject Area
In this talk we'll go through many examples of targeted surveillance employed by governments all around the world and we'll try to understand the taxonomy and nature of these attacks from a technical and from a political perspective. We'll find that many share common characteristics and that in many cases we have the capacity to identify, track and stop these attacks, often directed against journalists, dissidents and activists in their countries and in exile. With a little good will and coordination, we can all collectively have a concrete impact. Let's start now.
Let me introduce you to Claudio. Claudio is a hacker, an open source developer, a privacy and security researcher and mostly a human rights advocate, and he is also a core member of the Honeynet Project and the Center for Internet and Human Rights, and he specializes in government surveillance and threats to dissidents and journalists. Today we will go in this lecture through many examples of targeted surveillance employed by governments all around the world, and we will see how we can make a concrete impact and change the situation. Thank you very much, and welcome, Claudio.

Hello everyone, thanks for coming.
Monday blind some here guys I
I kind of slightly changed what I originally wanted to talk about. I worked, as was just introduced, on surveillance a lot; I helped civil society organizations and rights defenders deal with targeted surveillance of different kinds, and over the last years we collected a lot of good examples that show what exactly this means, what these attacks look like, and what the implications and difficulties are in researching these things. However, I decided to do something a little different: I'm not going to go through the details, or technical details, of these kinds of cases, but actually through what I learned over the last few years and what it means, to me at least, to engage in this kind of work. So, a bit of introduction, which is kind of unnecessary now: I'm Claudio, I go by nex. I'm a hacker, I do a little bit of journalism, and every now and then I'm a research fellow at the Citizen Lab at the University of Toronto, with which I did actually most of my research work, and also a Fellow at the Center for Internet and Human Rights. So first, the starting point always has to be mass surveillance,
and now we talked about a lot will learn a lot about mass surveillance not 2 years and we fought very hard unless the years to get the public to be at an in interested in this topic in care about this topic and Snowden-the revealed a lot of material of the fermentation of mass surveillance and a little bit on surveillance as well but generally it has been the main topic of discussion of the last years and there is general consensus that mass
surveillance is a bad thing with few exceptions couple vessels but surely you know we all kind of agree it's a bad thing but also the public which is doing not engaged in in privacy of circular research understand that is about then chose thinking however I is in a way that I relate to the public and with people that talk to that don't do would these 2 these issues directly and there is a perception that that on the other side targeted surveillance so instead of single box collection of instrument amount of data on renal collecting data on specific individuals this is acceptable and there's nothing wrong with that and over the years a come of developed the middle of thinking that giving to the conclusion that section a great music that way and when it comes to mass
surveillance we did a lot of a a little bit of political improvements there's been a lot of political discourse over into countries in Germany is being probably the only 1 that actually took some action about it but we are the biggest part of it the the outcome of all the regulations of the last 2 years has been on the not technology site you know there's been a great amount of work on producing better privacy enabling technology there's been this no you know a number of new secure messaging and communications systems being developed and most of that probably also the reaction what it's been known and discovered through the sort of revelations about mass events so the and the outcome of this is that we're going to where the direction where encryption is becoming widespread and where encryption is becoming a big is in some way and that's a good thing that's a great thing because it kind of takes away all amount number of issues which are fundamentally and those ones that enable mass surveillance but on the other side the kind of driving us to words the direction which is stressor even even more in some ways which is the you know direction servants and when it
comes down to targeted and mass surveillance it's very easy to make that distinction between them but when it comes down to you not technical aspects of the whole thing we understand they actually are kind of which at each other they're complementary and 1 of us the order in in its own users basically in for example we learn about turbine and continental these huge programs that the NSA make use of and they're part of these programs are related to the ball collection of these programs related to breaking into computers being in all the use of the user and end-user computers or Internet that 1 and routers and so on these kind of different types of actions of active and passive and connect with each other by breaking into computers the yellow to get access to networks like that in full
and in bulk were the actually couldn't otherwise so it's dangerous economy that kind of distinction and especially when we're going to words the direction where bodies surveillance is often justified for all under terrorism investigations in these kinds of things and when you know a few months ago we learned that there's more almost 1 million people on the FBI terror watch list what is targeted anymore what is that the the line to be drawn where targeted become mass at this point however the real problem that of sleaze we start getting is that in it's good that we saw training people to use encryption tool but it still it's good that we start training them on water at Woodard values of being anonymous online but that's not always enough and in a we as I was mentioning before these widespread use of encryption is necessity going to drive the attackers and the intelligence services and whoever is a
adversary to move their monitoring off your action from the network to your computer and then gives them a lot more capabilities in a lot more insight in what your life is about and elderly and we seeing that many examples of that those ones that are not able to both of whom you get properties and keep themselves secure are not going to succeed in the end of you know it's in the in the course of the last few years we work and I work personally directing under which some people in different countries and different realities in different political context and it's not hyperbolic in a when I talk to people that a kind of outside of our field if they feel that we know when we talk about people being surveil than people being monitored by their governments and the bursaries of different kinds recounting of those parliament not that's but it's actually not the case it is true that through these methods and to to use of the means these people get our serious consequences of thing people go to jail as in people in their countries of thing people in all these appearing having some occasions it is a serious matter and we've been talking about this for
a long time if you're interested in many of these these cases in on them and of human story father in and Morgan are from the Citizen Lab as well we presented a Congress a couple of years ago when
we went through all of these situation some of these human stories so it's interesting that after dynamite you to watch the presentation of invited on YouTube and so on however this summer what
is still to bring it is 1 example to give an idea of what should would do with
them most cases when we in think of surveillance and think of target civilians even we almost always talk about governments and boy enforcement and intelligence services and song of democratic non-democratic countries
regardless and we almost always start thinking about the things featuring the hacking demons on the reality of things is that those kind of exceptions of using a large number of things that we observed and is a great example that we that we observe a while ago so the Citizen Lab published a research I think
December last year and these research there but there's a chemical over a new type of factory that we haven't observed before this setting is in Syria the rock is that in city insidious it's about 160 kilometers from Aleppo and about what he want when you're half ago is took over the city and kind of sort of running an as yet waters of that pitch that region so in closing on the schools as of imposing new in the rule of law and Simba repressing dissidents and activists in their own country in their own city that were fighting against a sudden regime and similar they're they're being prosecuted as well but in Newell and the new people power there is a group particular group but activism back that it's called you the the name goes back as being slaughter silently and is a group of people that in previously they
say you know we were actors against a set regime where publishing the wrongdoings of the government's that some point when I took over we decided that we needed to switch and we needed to be even more up front a more courageous in some ways by publishing everything that I listening to our city and and so they did it they make use of the Internet of course then you make use of digital media was awarded do there's taking pictures and videos in the streets and showing what happens when someone is being executed or something happens in in the city and they publish it online and this creates a lot of media attention both in the country and some of the country and because of the attention of been obviously are persecuted heavily and allegedly even 1 of the members have been found and and executed and the other members are in hiding but obviously they can't do this open it would be all at once and some of them left the country even because of the retaliation what they were doing and Cezary hiding from the adversaries so possibly we don't know for a fact of the way that take a researcher never know for a fact but the context interest of was that these might be eyes we people being interesting these individuals deciding trying to find the domains through it and find the anonymized them and the digital mean it comes down always to being started Surveillance and Target Attack 2 different kinds so as it happens in every other situation is
that they receive an e-mail. In this e-mail there is some very carefully crafted content that tries to lure them into doing something stupid. In this case, for example, they're saying that they are some Syrians in Canada, and they're sympathetic to the cause, and they're working on a project to bring attention to the situation in the city outside of Syria, and they ask them to look at this draft of the work that they're doing, which is attached to the e-mail. And all this with the draft, as you're probably guessing, is not legitimate: it's a piece of malware, you know,
if they're not just sitting in that there are also asking to be putting on with the members of the group for Facebook so that they could identify
when you would open the file and you would see some pictures from beaches up a CD with some you can make a public can't read them but there is some markings showing for example American bombing obviously
and in all positions of EISA's quarters and so on and there's a bunch of them you get kind of stroll through them while it opens the speeches in the back up some malicious code is being executed the purpose of this malicious code is actually very simple in this case the interest was purely to the young mice individuals and find what they are and so it wasn't doing anything fancy willing in know storing
that you lots wasn't storing string with intercepting any is got communication or whatever he was just collecting very basic information out of the computer out of the Internet line and send the order of a male and there was potentially if it would have succeeded and not student divided people that were assisted the group finally if I were to leave and kill them and and this is the node considered how these progresses it starts off with an e-mail and it ends up with people in a dying because of what you're doing and I am because of technical means to reach this actors are able to persecute online people engaged in acts as a different kinds and this is interesting because it's unconventional from the ones Yengeni observe and there's the lessons that we can learn from them the first one is that we don't always
look at governments. These are kind of the 3 main actors I identify normally when researching into these areas. The first one obviously being nation states, and this is probably the most common one: you know, governments, especially non-democratic governments but sometimes democratic governments as well, making use of targeted surveillance to identify, monitor and reconstruct networks of people that are engaging in political action, or in journalism, or whatever that is controversial in the local context, and want to find and arrest them. Actually very often we see groups for hire, you know, people, black hats, that sell their services to, eventually, nation-states again. We see that for example in some situations in Iran and some other countries in that area, where, not necessarily because the government doesn't have the capabilities for it, they want to use external resources, and it happens quite a bit. And as we've seen, it happens also with paramilitary militias, and in this case the width of the situation that expanded for my the well-being of groups of hackers, groups of black hats, that are affiliated with a certain political or extremist movement even, and they're participating in, you know, the stronger position of that specific movement. One of the things that I kind of understood over time is that it becomes very convenient to be used as a method of surveillance and of interception, much more sometimes than mass surveillance, because it cuts off a lot of that bureaucracy, and it is something that we're dealing with and discussing a lot these days given all these recent events. You know, when you want to monitor someone or a group of people, you don't need to interact with the ISPs or the mobile network providers, and you don't have to go through all the bureaucracy and you over of these organizations that the by themselves; you should back at some way to deliver an exploit, to deliver a malicious payload, and have it execute, and elude all these controls that are in place and have been in 
place for a long long time for good reasons and similarly and many countries also lack a proper alleges legislative frameworks salt even in our countries of exactly what is a solution is in germany it's funded bit confusing but as far as this Italy for example which is my country of origin it is there is no law that in all of France the authorities to use that specific of of technology there is no regulation that says this is the new technologies that we're talking about is how we should use it and this is in which context and situation there is the way that is being employed nowadays is through the adoption of the wiretapping warrants and things like that which are archived and there being design and thought of a times were technologies words was much different and at times where the capabilities that exist now we're not even thought of and the so the same time you really wanted latest things it is something that for example Rabin were debating in right now and over the last couple of years as well in in a deli in in Europe and more so it in the countries that are kind of being a founding participant in these kinds of activities and where these technologies have been produced we discussed a lot about act controls and in if you follow all of that and of flame situation going on there there's been a lot of discussions going happening upon around that type of control and there hasn't been a has much discussion on how these things are actually really being used in our countries so we'll be talking and int interesting laws on how to prevent other countries use the same technologies that we build and we use ourselves from which a fine white paper critical there is some of that discourse going on right now I'm personally find it quite dangerous to go to war is the direction in a winter using this kind of regulations and legitimizing once and for all the use of these very invasive and very difficult to control very difficult to challenge technology is is the thing that 
needs to be thought out very carefully in 1 to establish his things you can take that back and the danger of establishing these regulations would be to incentivize even more both production and the use of these technologies and I'm not sure we really want especially given both the with a function of the Tampa heavily would operating systems they completely data the original functioning what the devices doing and there is almost no good way to have proper oversight of this in a piece of software runs interestingly having a little bit of this discussion in
Italy after the old pageant in a situation and there's been a great article published by a police law a lawyer in Italy that is if he has been saying you know there is this Italy and many other countries in euro of which signed they convention of Budapest's in 2001 over the agreed at that point that anybody that would have been producing and you saying and whatever how technologies they're designed to break into computer systems need to be in only not prosecuted and that's what this company is actually are doing and the conclusion of his article has been has been illegal along which is an interesting thing to reflect
upon medical lesson is that this acknowledges
urbane built in many in many situations by commercial companies sometimes it's not actually decays of but very accessible even if you take it for free or if you bite from 1 of these European companies it's kind of cheap you know they go from maybe 100 thousand euros to not create 500 thousand euros it's not much it's pocketing drew it and the more money put the more options you have the problem with this is that the prices of these things being so low of yellow many people to use that and make good use of that in some ways so we see that many many times over and over which is well we've been monitoring some of these
companies that are producing and selling these technologies. In Germany you probably know of
FinFisher, which is not solved arrest spyware malware which is produced by a company based in Munich. We identified attacks employed with FinFisher, and we've been monitoring where we would find the FinFisher infrastructure around the world, and we see many different countries, many of which are not very democratic.
similarly if you've been following
any kind of news in the last month in the house you must have heard of what happened acting team happened to me is kind of a competitor from feature its phase land produced by quarreling force and intelligence agencies all around world as only when that happened people realize they're being something to oppressive regimes around the world turns out that we
actually find all of them are pretty much all of them already a year and a half ago although that in a race as much attention and not a and either
it come lesson that we learned from any of this is that we worked on is that these technologies in the streets are very effective and analysis effective because the sophisticated actually most of the cases are not from a technical perspective there really them boring things to look at the but effective because of the context because of the knowledge to reach the attackers and leverage in order to compromise the victims the effective because they're difficult to recognize and the difficulty identify and once a compromise it's even more difficult to realize you're being monitored and there is no good way to challenge this thing from and obviously compromising someone computer summer mobile phone gives a lot more insight on what is person has been doing more than tapping his phone line you know what he's thinking you know what search in is writing you know who is talking to you know who is e-mailing you know can reconstruct not in power networks of people that are working to get through this means and in all training people to use encryption in when I use all of these things it's good but it's not good enough it's hard to train people to recognize social engineering attacks on each you're able to do that would really learnt like to learn how you do that but it's really hard even showing over time as the diamond come over and over again to people how the of pulled off it always happens to fall for it at some point in time because they're careful Maskin fades away again as I said it's hot challenge and requires a decent technical expertise to recognize when these things are being employed and in besides the fact that as I was mentioning few occasions receipt if infusion hacking team of lights was so this things are actually quite boring and despite being boring as in like technically boring there's still quite effective because ago quite unnoticed another thing that we learned is that different regions tend to use different models of parenting and by continuously 
monitoring how people being compromise you can start seeing some patterns and recognize that maybe certain doubles targets in a certain type of but environments of a 2nd that of country are most likely going to be targeted in this way or that way some of them Our and more recognizable than others a lot
of the attacks said we observed in Citizen Lab is publishing about as being relayed through our Tibet and China there's been a lot of attacks obviously going toward state dividend communities in China and abroad intentionally model so Brown has always been the same they're always been using customized malware sometimes using modified versions of metal that is being whose source could have been leaked online like cause threat and so on but generally they make use of their own tools and that makes it quite easy to recognize them and that makes it quite effective for us to keep monitoring them order time and being able to see when that something happens stop it as soon as possible and as wait to deliver attacks usually always used very known all that exploits and repackage documents that already public for example no presentation slide decks and even the invites news of different kinds of letters from to that communities from outside of the region for example from Europe and America and so on and that's kind of is always the beware that you see them doing their thing you run instead you
see you know variety of things but generally quite consistent you see a number of custom rats Chile very unsophisticated mostly in Delphi and up now and you can see them recurring over a long period of time which means probably there is a very small number of troops inside the country that have been developed and his expertise and this acknowledges even from 10 years ago to now Syria for example is a very interesting
case. Both Syria and Iran are obviously under embargo, so it's very difficult for them to get access to any kind of technology, so they either have to build it in house, as it does happen in Iran, or they have to use tools that are freely available on the internet. And while Iran does show to have sufficient technical expertise to build malware and build offensive technologies, Syria never seemed to be quite there yet, and that's in some way a good thing, because they ultimately always end up reusing, you know, very well-known RATs like DarkComet, BlackShades, Xtreme RAT and these kinds of things, which are very well known and hopefully, although one could argue about that, should be very well detected. It also makes it difficult for us as researchers and as, you know, human rights defenders to monitor who's doing what, as everybody's kind of using the same tools for many different reasons in many different areas of the world, and if we come across an attack that has been done by using DarkComet or something along those lines, it's way more difficult to be sure that it's been used in the context of Syria. South America instead,
except again for, you know, Hacking Team, FinFisher and the likes, seems to be using a lot of Java RATs, jRAT, AlienSpy and a number of very simple backdoors written in Java that do very basic things, the usual keylogging and stuff like that. There is some of them also available for mobile devices and so on. But it seems to be a recurrent pattern even across multiple countries in South America. I have no idea why, but it's something that has been seen as a recurring pattern; it's quite interesting and I'm still researching what that's about. An example which we worked extensively on has been Bahrain, which actually has been the way through which we started researching targeted surveillance and the surveillance industry. During the 2011-2012 protests in the Arab Spring we saw a great amount of attacks happening against political dissidents and activists that were engaged in the protests in those years, and many of them at that point were being targeted with FinFisher, and that was the first time that we observed FinFisher in the wild, and that kicked off a whole multi-year-long research effort. At some point this faded out, probably also as a result of the media attention that came after the publication we made exposing the use of FinFisher in Bahrain. They started using different techniques, and one of the most interesting ones, for example, is social engineering people through social media, Twitter and Facebook and so on, and not doing anything else besides asking them to open a link. The link would just be to IP spy services run by a couple of websites, which itself is just five lines of PHP that just get the IP address of the individual opening the page. And then they would use that, create multiple landing pages, and see whose IP address is which according to who they would be sending a link to, and they have been using this as a way to de-anonymize anonymous protesters online and 
people that were posting news and pictures and videos and so on during the protests, and afterward as well. Another interesting lesson is that it turns out that exploits are not as common as one might think, and 0-days even less so. Most of the attacks happen through social engineering and spear phishing, even the ones that are employing commercial spyware like Hacking Team and FinFisher. By experience the large majority, with a few exceptions, have been delivered through the use of spear phishing, which is a very interesting thing and also something to consider given the current discussions going on about regulation of exploits, 0-days, vulnerability research and so on. Obviously there are some exceptions: you come across every now and then a situation where some exploits, some 0-days, have been used. Generally that has been seen happening in China, and not often against civil society, as I said, but some of those actors have that capability. And we know that Hacking Team and companies like that do obviously offer that as a service as well, but they're probably going to use that in very few occasions and maximize the profit of the sales. So this is coming toward
the end part, where I complain about things. So, why do I do the things I do, which is something I get asked a lot, ironically. So the first
reflection is that everything we do, I think, has a political meaning. You know, especially when I deal with technical people and security researchers and so on. I think everybody here and people at the camp are an exception, I think people that come here probably have already some inclination towards being engaged socially and politically, but the large majority of the community isn't, especially the infosec community isn't at all, and they don't feel the same way. Especially in the kind of US-centric security industry it tends to be seen as something that is not normal, something that takes you away from the pure hardcore technical aspects, and that you're moving away from being a hacker or a security guy to being an activist. I don't like that personally, and I think it's stupid, and I think
it's no good, because everybody has some politics. Some people have different politics: I have certain politics, you have different politics, probably, from mine; maybe we have the same, maybe we're both from the same side, the left. But everyone doing some kind of work, included the work I'm talking about, at some point over time reveals his politics, and I think we have to embrace that. As a community we have to embrace the fact that we, individually and as groups and organizations, operate in a very strong political context, especially in these years where cyber security is at the top of the agenda of most governments around the world, and we're in a time where a lot of regulations are being introduced, in a time where, you know, we hear in the media every single day about cyber war and things like that. So publishing information about a state actor, publishing information about a government hacking, is a political thing, is a political action. At the same time, as I see over and
over and over again during the last few years, not publishing information, and withholding information, is not a political action, is serving a political agenda. And you see that a lot happening from security companies in the last, I don't know, five, six years. How many reports, how many news have you read about Chinese hacking, about Russian hacking and all of that, and how many have you read, just leaving Snowden's revelations aside, about U.S. hacking or British hacking or German hacking or Western countries hacking? You don't, you don't a lot, and you don't a lot because they're being withheld by the people that have the expertise and the knowledge about these attacks but don't end up publishing them, with few
occasions. So in the last eight, nine months or
so I worked on a few publications that had to deal with surveillance and targeted surveillance and malware programs from Five Eyes countries. On the first occasion we published, together with Morgan Marquis-Boire, on The Intercept, research that we'd been working on for several months on a malware program that we identified, that seemed to belong to, to point to, the UK and US
and GCHQ, and that were connected to the Belgacom hack that you probably remember from the Snowden documents. During the research we managed to find a large amount of malware samples spanning back from 2003 up to 2013, or even the beginning of 2014, and we were fairly confident that this was a surveillance program, a malware program, from those countries. Similarly, a little bit afterwards, together with others, we worked on a publication on Der Spiegel on some documents on the computer network exploitation capabilities of the NSA. And seeing the reaction to both of these publications has been very interesting
when it comes down to the infosec community. The security industry has been extremely critical, and I was kind of baffled by that, because I was seeing a lot of attacks, a lot of people complaining about these
publications and accusing us of being irresponsible for publishing these technical details. However, they were the same people that at the same time were publishing information about foreign malware programs and foreign computer network exploitation capabilities without even blinking. And many conversations came up as a result, I was kind of complaining on Twitter about that, and one of them kind of got me thinking more than others. Some person came to me on Twitter and told me, you know, I don't have anything against journalists, it's their job, and so on, but I'm all into dropping shit from Bahrain. And so I asked: so if you had knowledge about malware or exploits from your own government, would you conceal that? And he said yes. And I think that's fucked up, and it's fucked up for multiple reasons. First, because that's not just one person; that's a trend, and you see that trend occurring in pretty much the large majority, if not all, of the security companies and organizations that engage into doing threat
research and threat intel or whatever that's called. And that's dangerous. The fact that they are withholding information about a certain country, most likely their own country or countries that are allied to their own country, is obviously in service of a certain political agenda. It's probably also born out of fear of retaliation and damage to the business and so on, but it's a problem, because whatever the reasoning is, it portrays a wrong picture of what's going on in the world. You know, we hear a lot about, you know, the opposite bloc in this geopolitical conflict that is happening nowadays, and we don't hear anything about everything else. And then, when we learn something about it, it turns out that our countries are even more aggressive and more sophisticated and more dedicated in using these kinds of techniques. And especially, as I was mentioning before, in a time where we are talking a lot about regulations and talking a lot about, you know, imposing sanctions on foreign countries using hacking and so on, and we're not talking about how we ourselves are using it in Europe and Western countries, it is dangerous and wrong. And for me especially I find it very troubling because, again, it portrays a one-sided, very narrow view of what is the state of security of technology in our society and on the Internet.
It portrays a very, again, one-sided view of what's the current state of security. And I think security has to be universal. The people working in security companies, security companies themselves, have to be transnational. Security and technology struggles cross borders. All of us use the same things, and the same people hacking a foreign country will be exploiting vulnerabilities that are being used against us as well; it's just the same. And so if security is not universal, it isn't security at all. And the other implication, and kind of a lesson that I learned and that I try to pass on as much as I can, is that what we do in some cases, or what we don't do, as hackers and researchers and so on, has a huge impact on society at different levels. It has an impact on small parts of society, maybe in a country far away in the world. And being able to, you know, prevent some religious minority or some activist group that is exposing corruption and so on from being targeted is extremely important, as in many situations, after the fact of being surveilled, these people just stop doing what they were doing. They stop engaging politically, stop engaging in journalism, because of fear, and not necessarily because of fear for themselves, but because of fear of compromising the network they were operating in. And in many cases, if someone, you know, is being targeted, he is not just operating by himself, he's operating in groups, and sometimes isolating the one that has been already compromised is seen as the best option. Probably it isn't, but there's that chilling effect, and it's noticed in many occasions. But at the same time we can have a much bigger impact on global society as well, and that we've seen especially in the last two years with Wassenaar. It isn't a topic that I particularly like talking about, and it's a very complicated thing. There is a bloc of privacy people that want to implement export controls for very serious and legitimate reasons, and there's a bloc of 
security researchers and hackers and people that don't want that kind of regulation because of bad experiences in the past. Regardless of what your position is, regardless of whether you agree or disagree with these kinds of things, and actually, frankly, I'm not even sure myself, the outcome that I took out of the Wassenaar regulation, which, for those who don't know, is basically an arrangement signed by a large number of countries to control the exportation of different, usually military, equipment and weapons and so on, and which recently introduced also controls for exporting intrusion software and things surrounding that. And that happened mostly as an outcome of the publications of all the groups that engage in these things, revealing how these technologies produced by European companies were used in certain contexts. And that's actually the lesson I took out of it, which is the fact that as researchers and as hackers, by doing this kind of work, by publishing these kinds of information, we were able to get a significant impact, and that impact has been brought even to the highest level of policy-making and political work in the European Union, and even moved things to the point of forcing countries to change laws because of the fact that these companies in our countries were being involved in these kinds of uses. Then again, that's not a good thing, but it shows that if we engage in this kind of research, and if we engage in publishing this information and are active in the political discourse and in providing feedback on how regulations should work, both on behalf of those ones that are being targeted and are victims of these attacks, as well as researchers, we can probably have a very positive impact on society. And again, I could put it in that, but especially now where we see more and more regulations, it is critical that as technical people as well, despite how fucking boring it is to 
go and read regulations and drafts of a hundred pages from the European Union and your own countries, that's extremely boring, but if we don't do that nobody else is going to do the work for us, and it is critical that we do that kind of engagement and we do take part in policy-making at that point. So I'm kind of coming to an end, and I wanted to have some time for questions, but I don't think I'll make that happen. Still, the kind of reasoning behind why I do the things I do is pretty much two things. One
being the human cost of this surveillance, and I already talked about this,
but for me, at this point, I grew to a point where technical analysis and the technical aspects are way less interesting, way less relevant, than the sociological and political analysis, and that's mainly because I've been exposed first-hand to the human cost and the human impact of the use of these technologies, and I don't like that. The second reason is because I'm very, very concerned about the proliferation of surveillance, especially targeted surveillance, and offensive technology in general. I'm very concerned, again, as I explained, about the regulation and legitimization of these things, but I am extremely concerned about this ongoing imbalance that we see, and we saw that also from the Snowden documents, partially, that show that there's a huge amount of effort, a huge amount of resources, being spent in creating offensive technologies and breaking software and undermining protocols and encryption standards and so on, and comparatively there's an insignificant amount of effort being put into building secure technologies and fixing issues and creating defensive strategies. And sadly most of that action, it's a good thing, but sadly because we can't realistically compete with the opposite side, comes from the free software community, and that's something that I'm very, very much concerned about. So how do we deal with these things? Firstly, assist the targeted; that's the first, most obvious thing to do, and there's many of them. There is a huge demand for technical expertise in civil society, human rights organizations, media organizations, single activist groups and so on, and there's a very, very limited supply, and that's mostly because, again, people tend to not want to engage in things that have a political aspect. The second thing is that I think that by engaging in this research, and I invite all of those that have the expertise and the time, or want to learn how to do this kind of research, to start doing it, publishing reports and 
publishing information over and over and over again is probably one of the most meaningful ways to resist the use of these technologies. Besides the policy-making, and besides the building of technologies, maintaining some kind of economic tension is extremely important. Every time that we publish something about a certain type of malware, a certain type of actor, or the use of attack techniques of different kinds, we burn it, and by burning it we make it more costly for them to re-engineer things, to redeploy things and use them again and, you know, spread them out to the customers again. It adds costs, it makes it more expensive, and if it doesn't make it much more expensive, at least it doesn't make it cheaper. My hope at least is that, by continuing in doing this, and sometimes it's still a bit boring, you still see the same things over and over again. If you're interested in getting into this field, forget about finding every other day the most incredible piece of software or piece of malware; you hardly ever see that happen. You see the most boring shit ever. But the importance of keeping doing those kinds of things is not in the technical aspect, it is in the political context, in exposing these exact same things that I'm describing, and in maintaining some kind of tension. And hopefully, if we keep doing that, if we keep doing it more, we don't go to the point where it becomes so cheap for people to produce and use these things that it just happens without any kind of control. So NGOs and human rights defenders are, as I said, under heavy attack. There's a huge demand for technical expertise, and they suffer a lot, mostly for two reasons. One is the lack of visibility into what the threats are, and that visibility is very much available to the infosec community and hacker community. And the second one, as I described, is the lack of capacity: there is no security staff in most organizations, there is very little IT staff at all, if there is any, and that's 
not good enough. So what I'm getting
into is the fact that we, as a community, can collectively make an important change. You know, we are the
ones that have the expertise, we're the ones that have the data, we're the ones that have the visibility into what happens around the world. That's because for some of us it's our day job, and not necessarily we're interested in researching attacks against civil society, but we come across these situations quite often, every now and then, and despite the fact that they look pretty useless to security companies, they are of incredible value to human rights defenders and people that work in civil society. So I've been thinking about how to approach this problem, and one of the solutions is to try to bootstrap a way for all of us, and, you know, infosec people, even the ones that I don't like, it doesn't matter, the ones that have the expertise, to get together, bridge with human rights organizations, bridge with privacy organizations, bridge with, you know, all those ones that have a presence on the ground and are in demand of all of your experience and of your help. And let's try to make some movement, some platform for people to connect and get together. And if you have like two hours a week to volunteer on something, for example, you might be a pentester and you have two hours in a week, on a Saturday afternoon you have nothing to do, you might be of great help by pentesting the website of, I don't know, some media website in Lebanon that has absolutely no resources and is being broken into all the time because they're exposing corruption or something, right? So
we're trying to do something practical, and it's
not an easy thing to do, and I know absolutely nothing about community building, and I don't want to be the one in the position of doing so. I want to use this situation for you all to get together, to discuss some of these things, and slowly get to a point where we can be in a place to collectively collaborate on issues that are more important than building some kind of blinky box for some company to feel safe. So we did something,
and it's a start, through building a collaborative knowledge base, because before getting
into helping people we need to understand what we're dealing with. And some of us know things more than others, and some of us have been working on these things for a while, and there is no good central place where all of this knowledge is collected. We're trying to build that now, and the idea is to try to collect all this information related to targeted attacks, related to surveillance companies, related to encryption laws, whatever, anything that helps building a narrative on what has been happening that has a negative effect on civil society in every country in the world, link it together and build narratives on them. So we started doing a number of things. We created a GitHub organization and we're creating something that is called data packages; Brennan explained them at the Tactical Tech village yesterday, you can look them up. It's an easy way to define data structures for people to contribute to, and I'll show an example in a minute. We're building an API server that we'll hopefully publish really soon, and a front-end that is already online, and I'll show that in a minute too. The starting point is to create a platform for people to both consume the data, if you're interested in what I'm talking about, attacks in Syria, you go on this website and you see all of the things that we've seen and were able to document publicly in Syria, and from that you can analyze that, research it, find more things, and if you find more things, contribute them back and help build the full picture that we don't have at the moment. So we have some repositories, we have some data packages, as we call them, and they basically represent some of the pieces of data. I spent some weeks extracting all file hashes of malware samples that have been used against civil society over the last few years; hopefully some people will make some use of that. And someone else, for example, has been working on extracting all companies that have been reselling surveillance software 
from Hacking Team all around the world. Maria, for example, has been working on compiling lists of surveillance vendors and encryption laws all around the world. So, very diverse types of information that are very connected with each other, and that by presenting them at once kind of give a good overview of what's been happening in certain countries, and hopefully I'll show a small example of that. So if you want to look into that and contribute, this is the GitHub organization. It's intentional, because we want to engage all sorts of sides. And here is the front-end that we have
online, it stays that digital for another, you know, we kind of put it together literally one minute before I came here, but you kind of get the idea. So we were
starting to collect data that is related to all these different countries around the world, and the system is an application that pulls all of the metadata from GitHub and serves them through an API, and you can browse the data, you can query the data to extract information about a specific type of malware family, about a specific country or whatever, and get it out. And if you're interested in a specific country you click on that and here's all the things that we have on
that in particular, plus organizations and so on. So that's it, briefly, because I'm running out of time.
We'll have a release eventually. And along with that, one of the issues that I explained is that we lack a lot of visibility. As people working with civil society, people working with human rights defenders, we don't see attacks happening, and people don't have the expertise and the knowledge to identify when someone is being compromised. It takes a long time, and the ones that come to us usually are false positives. And that happens because we don't practically see all of the attacks happening, but people with that visibility do see that a lot. And it happened in some situations where people working in the infosec industry, for companies that I would normally despise, but some of these individuals have some conscience, came across attacks that for the company were either irrelevant or politically complicated to deal with, and so they would come to me or to others working with me and say: this is a piece of data which we can't make use of, and it's probably relevant because it's being used against journalists or activists in this country, and you should look at it and do what you can with it. That has been very helpful. And similarly, as this sort of situation could happen again, not just for malware but for censorship as well, we're launching also a submission platform for whoever doesn't want to engage publicly, doesn't want to put their name on pieces of data that might be sensitive. And there is an onion address right there that you can visit; it's a GlobaLeaks instance. We accept submissions from now on for four different contexts, hopefully a lot, that we can actually take good action upon. We're hoping to get people and organizations from different backgrounds that work on these four or more topics to come to us and be part of that and become receivers of these as well. If you are an organization working on censorship and you're interested in learning about new censorship events that come from a certain country, please reach out; if 
you're someone, a researcher or an organization, researching malware or targeted attacks against civil society, please reach out. It would be great to kind of make a whole community out of this. It's very simple, you see some examples right there; you just give a brief explanation of what we're dealing with and the data itself, and then we're good. So that's basically it. Hopefully this is a starting place. We're building something very simple, but that hopefully will help some people to start
getting into this field and start researching more, publishing more about these targeted attacks, and hopefully over time make it so that it happens to grow organically into a community of all of us that want to contribute and help people in need and do good things for them. This is not something I've done alone. I want to thank all the people that supported me and helped me over the years, and particularly I wanted to thank Brennan. Brennan, if you can stand up. He has been developing this, spending the last few days, several hours a day, building this stuff. I have absolutely no idea how it works. So thank you a lot. And if you want to learn more about how these things work, please reach out to either one of us and we can explain and see if we can work together. And that's it, so thanks for coming. If you have any questions we might have three, four minutes, maybe four minutes. OK, yes, thanks a lot. And
and, as always, we have two
microphones, on that side and on the right side, so queue up for the questions. Do we have a question? OK. Thank you.