i want to be a ninja stealth cyberterrorist
DESCRIPTION
I Want To Be A Ninja Stealth Cyberterrorist. Simple Nomad CanSecWest 2002. NMRC BindView Skills Needed. About Me/This Talk. NMRC BindView Skills Needed. NMRC BindView Skills Needed. Why This Topic?. How would terrorists do this if they had "skillz"? - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/1.jpg)
I Want To Be A Ninja Stealth Cyberterrorist
Simple NomadCanSecWest 2002
![Page 2: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/2.jpg)
About Me/This Talk
NMRC
BindView
Skills Needed
NMRC
BindView
Skills Needed
NMRC
BindView
Skills Needed
![Page 3: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/3.jpg)
Why This Topic?
How would terrorists do this if they had "skillz"?
How would us non-terrorists use this if suddenly accused of terrorism?
How you can prevent at least some of this traffic.
![Page 4: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/4.jpg)
What the Media Says
“Terror groups hide behind Web” by Jack Kelley, USA TODAY 2/5/2001
WASHINGTON - Hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies. It sounds farfetched, but U.S. officials and experts say it's the latest method of communication being used by Osama bin Laden and his associates to outfox law enforcement.
http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm
![Page 5: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/5.jpg)
What the Media Says
“Secret Messages Come in .Wavs” by Declan McCullagh Gary Gordon, vice president of cyber-forensics technology at WetStone Technologies, based in Freeville, New York, said that his firm has made progress in creating a tool to detect steganography. "The goal is to develop a blind steganography detection prototype," Gordon said. "What we've done is gone out, using Web spiders, and downloaded pictures from the Web and run the tool against them." Steganography, Gordon said, primarily turns up on hacker sites. But he and his associates also found instances of steganography on heavily traveled commercial sites such as Amazon and eBay.
http://www.wired.com/news/print/0,1294,41861,00.html
![Page 6: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/6.jpg)
Sobering Facts
From “Scanning USENET for Steganography” by Niels Provos and Peter Honeyman: Gary Gordon, vice president of cyber-forensics technology at WetStone Technologies,
based in Freeville, New York, said Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS.However, we have not found a single hidden message.
http://www.citi.umich.edu/u/provos/stego/usenet.php
![Page 7: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/7.jpg)
Sobering Facts
Digital watermarking generates false positives
Encrypted material inside images would be encrypted
![Page 8: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/8.jpg)
The Problem:Packeteering Satan's Network
(Programming Satan's Computer - Ross Anderson and Roger Needham 1995)
![Page 9: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/9.jpg)
Types of Monitoring
Invasive - Monitoring nodes are obvious. Traffic speed impacted. Usually easy to avoid.
![Page 10: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/10.jpg)
Types of Monitoring
Non-invasive - Monitoring nodes are obvious. Little to no traffic impact. Usually easy to avoid.
![Page 11: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/11.jpg)
Types of Monitoring
Stealth - Monitoring nodes are not obvious. No traffic impact. Hard to avoid.
![Page 12: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/12.jpg)
Types of Communication
Point to point - Sender/Receiver known. Plaintext or encrypted messages.
Example: Email.Advantages/Disadvantages: Little skills required, but sender/receiver known. If encrypted, message is hidden. Communication obvious.
![Page 13: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/13.jpg)
Types of Communication
Point to point - Sender/Receiver known. Plaintext or encrypted messages.
Example: USENET.Advantages/Disadvantages: Little skills required, sender known. If encrypted, message is hidden. Communication obvious unless obscured.
![Page 14: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/14.jpg)
Types of Communication
Anonymous sender – Receiver known.
Example: Remailer.
Advantages/Disadvantages: Little skills required, receiver known. If encrypted, message is hidden. Communication usually obvious.
![Page 15: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/15.jpg)
Types of Communication
Traffic pattern masking – Sender and receiver not known.
Example: Loki.
Advantages/Disadvantages: Fairly advanced skills required. Potentially sender and/or receiver known if traffic discovered. Usually simple obfuscation as far as covert channel goes.
![Page 16: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/16.jpg)
To Avoid Stealth Monitoring, Stealth Communications Are Needed
Stealth Communications - Sender/receiver unknown. Message encrypted. Communication not obvious, difficult to discern from regular traffic.
![Page 17: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/17.jpg)
What Can Satan Sniff?
During the question and answer session, an interesting discussion ensued. Here is a quote from conference attendee Viktor Mayer-Schoenberger:
"Both presenters explicitly acknowledged that a number of anonymous remailers in the US are run by government agencies scanning traffic. Marlow said that the government runs at least a dozen remailers and that the most popular remailers in France and Germany are run by the respective government agencies in these countries. In addition they mentioned that the NSA has successfully developed systems to break encrypted messages below 1000 bit of key length and strongly suggested to use at least 1024 bit keys. They said that they themselves use 1024 bit keys."
"Anonymous Re-mailers as Risk-Free International Infoterrorists" presented by Paul Strassmann, National Defense University and William Marlow, Science Applications International Corporation. Presented at the "Information, National Policies, and International Infrastructure" conference at Harvard Law School, Cambridge, Massachusetts, January 30, 1996.
http://www.strassmann.com/pubs/anon-remail.htmlhttp://ksgwww.harvard.edu/iip/GIIconf/gii2age.htmlhttp://catless.ncl.ac.uk/Risks/17.87.html#subj6
![Page 18: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/18.jpg)
What Can Satan Sniff?
"Disclosing the method of attacking PGP would involve disclosing classified cryptographic analysis methods (I was taught by the government), and such a disclosure to uncleared persons would be seriously illegal (in wartime such a disclosure carries the death penalty).
Seriously though, I would love to lay out the holes in several crypto systems, and would love to disclose the methods for breaking PGP, DES, and a number of other civilian crypto system I have studied (inmultiple NSA crypto schools); but will not disclose information and/or methods I know to be classified."and"The fact that various world governments can perform a PGP decrypt is old news, and not classified, however; the exact method used for the decrypt is what is classified."
From private email with a former spook:
![Page 19: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/19.jpg)
What Can Satan Sniff?
Other informal sources
![Page 20: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/20.jpg)
Digital Drop Box
![Page 21: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/21.jpg)
Stegonagraphy
![Page 22: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/22.jpg)
Covert Channels
![Page 23: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/23.jpg)
Scenario #1
Stealth Digital Drop Box using Holepunch
![Page 24: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/24.jpg)
Scenario #2
Broadcast Communications using Porn
![Page 25: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/25.jpg)
Scenario #3
Stealth Traffic Pattern Masking using Masquerade
![Page 26: I Want To Be A Ninja Stealth Cyberterrorist](https://reader036.vdocuments.mx/reader036/viewer/2022070411/56814876550346895db57fc9/html5/thumbnails/26.jpg)
Fin
Questions?All questions must be in the form of an answer
See you in Las Vegas at Black Hat and DefconGraphics from DeadDreamer.Com