10:00 AM
to 11:00 AM
Billy Hoffman & Matt Wood: Veiled - A Browser Based Darknet
119 Attendees
Location
Milano Ballroom 5-6-7-8
Type Privacy
Billy Hoffman, Matt Wood
The concept of a darknet has been around for several years now: a hidden underground where people anonymously and securely communicate and share files with each other. Various projects like Tor, FreeNet, WASTE, decentralized peer to peer networks, and other services attempt to provide people with some of these properties. Regardless of how people use darknets, the concept of a private secure network where people can freely communicate ideas as well as distribute content is compelling from both a technological and a philosophical perspective. Unfortunately, the reality is not as clean as the idea. Darknets traditionally require various software programs or components to be installed and configured. This is not for the technically faint of heart. This and other barriers of entry limit those who can participate in a darknet.
In this talk we will discuss and demonstrate Veiled, a proof-of-concept browser-based darknet. A browser-based darknet allows anyone to join from any platform which has a web browser, whether it be a PC or an iPhone. Veiled embodies many of the traditional properties of a darknet. Users can communicate with each other through encrypted channels. Shared files are encrypted, fragmented, and redundantly stored locally across members of Veiled. Another feature, inspired by Ross Anderson"
11:15 AM
to 12:30 PM
Andrea Barisani & Daniele Bianco: Sniff keystrokes with Lasers / Voltmeters
87 Attendees
Location
Milano Ballroom 5-6-7-8
Type Privacy
Andrea Barisani, Daniele Bianco
TEMPEST attacks, exploiting Electro Magnetic emissions in order to gather data, are often mentioned by the security community, movies and wanna-be spies (or NSA employees, we guess).
While some expensive attacks, especially the ones against CRT/LCD monitors, have been fully researched and described, some others remain relatively unknown and haven't been fully (publicly) researched.
Following the overwhelming success of the SatNav Traffic Channel hijacking talk we continue with the tradition of presenting cool and cheap hardware hacking projects.
We will explore two unconventional approaches for remotely sniffing keystrokes on laptops and desktop computers using mechanical energy emissions and power line leakage. The only thing you need for successful attacks is either the electrical grid or a distant line of sight; no expensive piece of equipment is required.
We will show in detail the two attacks and all the necessary instructions for setting up the equipment. As usual cool gear and videos are going to be featured in order to maximize the presentation.
1:45 PM
to 3:00 PM
Nitesh Dhanjani: Psychotronica
89 Attendees
Location
Milano Ballroom 5-6-7-8
Type Privacy
Nitesh Dhanjani
This talk will expose how voluntary and public information from new communication paradigms such as social networking applications can enable you to remotely capture private information about targeted individuals.
Topics of discussion will include:
Hacking the Psyche: Remote behavior analysis that can be used to construct personality profiles to predict current and future psychological states of targeted individuals, including discussions on how emotional and subconscious states can be discovered even before the target is consciously aware.
Techniques on how individuals may be remotely influenced by messaging tactics, and how criminal groups and governments may use this capability, including a case study of Twitter and the recent terror attacks in Bombay.
Reconnaissance and pillage of private information, including critical data that the victim may not be aware of revealing, and that which may be impossible to protect by definition.
The goal of this presentation is to raise consciousness on how the new paradigms of social communication bring with them real risks as well as marketing and economic advantages.
3:15 PM
to 4:30 PM
Cormac Herley: Economics and the Underground Economy
58 Attendees
Location
Milano Ballroom 5-6-7-8
Type Legal & Management
Cormac Herley, Dinei Florencio
The popular and trade presses are full of stories about the underground economy and the easy money to be made there. We are told that phishers and spammers harvest money at will from the online population. Even those without skills can buy what they need and sell what they produce on IRC markets. Estimates of the size of this underground economy vary, but common to most accounts is that it is large and growing rapidly.
In a careful examination of the evidence, we find that these claims are speculation, unsupported by evidence. Estimates of the cybercrime economy are enormous extrapolations from very noisy and poorly-sourced data. Reports that exploits like phishing and spam are worth billions appear to be off by orders of magnitude. Our analysis suggests that the laws of economics have not been suspended. Phishing and spam are subject to the tragedy of the commons so that returns are kept low. IRC channels are infested with rippers so that buying and selling is hard. Cybercrime is a ruthlessly competitive business, and low-skill jobs still pay like low-skill jobs. Much as in the regular economy, to do well you need a rare skill or a barrier to entry. However, cybercrime is still a very big deal.
3:15 PM
to 4:30 PM
Steve Topletz, Jonathan Logan & Kyle Williams: Global Spying
81 Attendees
Location
Milano Ballroom 5-6-7-8
Type Privacy
Steve Topletz, Jonathan Logan, Kyle Williams
When talking about the threat of Internet surveillance the argument most often presented is that "there is so much traffic that any one conversation or email won't be picked up unless there is reason to suspect those concerned; it is impossible that "
4:45 PM
to 6:00 PM
Alessandro Acquisti: I just found 10 Million SSNs
71 Attendees
Location
Milano Ballroom 5-6-7-8
Type Privacy
Alessandro Acquisti
Social Security numbers (SSNs) were created in the 1930s as identifiers for accounts tracking individual earnings. Over time, they started being used (and abused) as sensitive authenticators. Hence, they became one of the pieces of information most often sought by identity thieves. To respond to growing concerns with SSN over-exposure and counter the rise of identity theft, policy makers have encouraged individuals to keep their SSNs safe and confidential, and, more recently, enacted legislation to reduce their public availability. But what if even well-meaning consumers may provably be unable to protect their SSNs, and legislative initiatives aimed at reducing their availability may in fact backfire? We will examine the possibility that SSNs may be more predictable than currently acknowledged, and discuss the unintended consequences of policy initiatives in the area of identity theft prevention.
10:00 AM
to 11:00 AM
Rafal Wojtczuk & Alexander Tereshkin: Attacking Intel® Bios
57 Attendees
Location
Milano Ballroom 5-6-7-8
Type Hardware
Rafal Wojtczuk, Alexander Tereshkin
We demonstrate how to permanently reflash Intel BIOSes on the latest Intel Q45-based systems. In contrast to previous work done by other researchers a few months earlier, who targeted totally unprotected low-end BIOSes, we focus on how to permanently reflash one of the most secure BIOSes out there, which normally only allows a vendor's digitally signed firmware to be flashed. As an extra bonus we describe yet-another-one, on-the-fly, previously undisclosed attack against SMM on Intel platforms affecting most of the recent chipsets.
11:15 AM
to 12:30 PM
Travis Goodspeed: A 16-bit Rootkit and Second Generation Zigbee Chips
39 Attendees
Location
Milano Ballroom 5-6-7-8
Type Hardware
Travis Goodspeed
This lecture in two parts presents first a self-replicating rootkit for wireless sensors, then continues with recent research into the security of second generation Zigbee radio chips such as the CC2430/2431 and the EM250. A live demo and a vulnerability will be released as a part of this presentation.
1:45 PM
to 3:00 PM
Joe Grand, Jacob Appelbaum & Chris Tarnovsky: 'Smart' Parking Meter Implementations, Globalism, and You
69 Attendees
Location
Milano Ballroom 5-6-7-8
Type Hardware
Joe Grand, Jacob Appelbaum, Chris Tarnovsky
Throughout the United States, cities are deploying "smart" electronic fare collection infrastructures that have been commonplace in European countries for many years. In 2003, San Francisco launched a $35 million pilot program to replace approximately 23,000 mechanical parking meters with electronic units that boasted tamper resistance, payment via smart card, auditing capabilities, and an estimated $30 million annually in fare collection revenue. Other major cities, including Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, Portland, and San Diego, have made similar moves.
In this session, we will present our evaluation of electronic parking meters, including smart card protocol analysis and emulation, silicon die analysis, and firmware reverse engineering, all of which aided in successful breaches.
3:15 PM
to 4:30 PM
Chris Tarnovsky: What the Hell is In there?
55 Attendees
Location
Milano Ballroom 5-6-7-8
Type Hardware
Chris Tarnovsky
An in-depth look inside the latest high-security smartcard devices commonly found inside GSM SIM cards. Several different manufacturers have been torn down. Most are certified at the highest Common Criteria levels available. High-resolution images will be the focal point of the discussion, as well as how secure these devices really are. Is the latest Comp128 algorithm secure, or is there a risk of exposure from one of these SIM cards?
4:45 PM
to 6:00 PM
Mike Davis: Recoverable Advanced Metering Infrastructure
46 Attendees
Location
Milano Ballroom 5-6-7-8
Type Hardware
Mike Davis
Smart Grid. Smart Meters. AMI. Certainly no one has escaped the buzz surrounding this potentially ground-breaking technology. However, equally generating buzz is the heightened threat of attack these technologies provide. Mike Davis and a team of IOActive researchers were able to identify multiple programming errors on a series of Smart Meter platforms ranging from the inappropriate use of banned functions to protocol implementation issues. The team was able to "weaponize"

