Black Hat 2010 notebook: Day Two
The second and final day of Black Hat is upon us, but with all the robust content the show is producing, it feels for many like the conference has been running much longer.
- Not as long, perhaps, as the line in the hallway to acquire a badge for DEFCON, the sister conference that kicks off this weekend.
And it is no ordinary conference badge. Over the last five years, DEFCON has become famous for its skillfully designed electronic badges. This year's version is the brainchild of Joe Grand, owner of Grand Idea Studio and host of Discovery's "Prototype This!" Grand is one of the world's most famous hardware hackers.
The badge may not look impressive to people who have become enamored by flashy web software. But to the hardware geeks, this is the creme de la creme.
The badge is an aluminium circuit board with laser engraving. It includes a 128-by-32 display screen designed by Kent Displays. The display requires no power to keep the screen image on.
The badge even has a social networking aspect to it: Users can push a few buttons on the back of the badge (basically a circuit board) to display icons of their interests, such as beer bottles and floppy disks.
"It's the whole community thing," Grand told reporters today. "They want to share one piece of data with everyone else."
- Security firm SecureWorks unveiled new research, the culmination of a three-month-long investigation into the workings of a cunning Russian check counterfeit gang.
Essentially, the cybercrooks installed Zeus and Gozi trojans onto victims' machines, which gave them control over the computers. They used the infected PCs to get access to check image archiving services. They also cracked into job websites to deliver messages to unsuspecting individuals, who were recruited as money mules to cash checks on behalf of the racket. Nearly 3,000 job seekers responded, and they cashed counterfeit checks worth in excess of $9 million.
Sounds like a standard Russian mob cyber scam, right? Not quite.
What made the operation so original was the crooks' usage of VPN tunnels, which enabled them to make it appear as if the botnet was not operating. From the report:
Although it is very common for trojans (especially ones designed to aid in financial fraud) to employ proxy server capability, this is the first time that the CTU has seen the use of VPN technology in such software.
However, by employing the very simple VPN functionality built right in to Windows, the criminal bypasses the need to develop complex systems, and can simply route his/her malicious traffic over the VPN. If done correctly, this gives the criminal three primary benefits:
1. The VPN traffic can be encrypted, defeating signature-based network IPS/IDS devices that might detect the malicious transfer of data
2. A VPN can give the criminal the ability to connect-back into the protected computer, and even use the infected system as a route to other systems on the protected network
3. The criminal could route all traffic from the bots to the botnet controller over the VPN, and deny connections to the VPN controller from all sources but the VPN exit IP address. In doing so, the criminal could make it appear to the world that the botnet controller is offline, while still serving commands to and stealing data from the infected systems under its control
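Because the tunnel's payload is encrypted, flow metadata is what remains visible to a defender. As an added example (not from the SecureWorks report or this article), the Python below flags internal hosts that open tunnels, using the protocols of the VPN client built into Windows, to peers outside an allowlist; the flow-record format, internal range, approved peer and sample lines are constructed assumptions.

```python
import ipaddress

# Protocols spoken by the Windows built-in VPN client (PPTP, L2TP/IPsec, IKEv2).
# SSTP runs over TCP/443 and cannot be separated from HTTPS by port alone.
VPN_SIGNATURES = {
    ("tcp", 1723): "PPTP control",
    ("gre", 0): "PPTP data (GRE)",   # GRE has no ports; records carry 0
    ("udp", 1701): "L2TP",
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT-T",
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")                 # assumed internal range
APPROVED_VPN_PEERS = {ipaddress.ip_address("203.0.113.10")}   # assumed corporate VPN

# Constructed sample: "timestamp src dst proto dst_port"
SAMPLE_FLOWS = """\
2010-07-29T10:01:02 10.1.4.23 198.51.100.7 tcp 1723
2010-07-29T10:01:03 10.1.4.23 198.51.100.7 gre 0
2010-07-29T10:02:10 10.1.7.50 203.0.113.10 udp 500
2010-07-29T10:03:44 10.1.9.12 192.0.2.44 tcp 443
2010-07-29T10:04:00 10.1.2.2 10.9.9.9 udp 1701
2010-07-29T10:05:30 198.51.100.7 10.1.4.23 tcp 1723
"""

def find_unapproved_vpn(flow_text):
    """Return (timestamp, src, dst, label) for outbound VPN flows to unapproved peers."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        label = VPN_SIGNATURES.get((proto.lower(), int(dport)))
        if label is None:
            continue                      # not a VPN protocol we recognise
        if src not in INTERNAL or dst in INTERNAL:
            continue                      # only internal-to-external tunnels
        if dst in APPROVED_VPN_PEERS:
            continue                      # sanctioned concentrator
        findings.append((ts, str(src), str(dst), label))
    return findings

def suspect_hosts(flow_text):
    """Internal hosts with at least one unapproved outbound tunnel."""
    return {src for _, src, _, _ in find_unapproved_vpn(flow_text)}

if __name__ == "__main__":
    for finding in find_unapproved_vpn(SAMPLE_FLOWS):
        print(finding)
```
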
- The Black Hat crowd seemed to enjoy this morning's keynote quite a bit more than yesterday's less content-rich presentation from Jane Lute, deputy secretary of the U.S. Department of Homeland Security.
Today's keynote came from Ret. Gen. Michael Hayden, a former director of the CIA and deputy director of national intelligence, who spent his talk defining cyberwar and discussing what rules apply to cyberwar.
Cyberspace, like the air, land, sea and outer space, is also a military domain, he said.
But unlike the physical domains, a number of questions about cyberspace remain unresolved, such as what constitutes an attack or a cyberwar.
“We are thinking a lot about it [cyberspace], but not very clearly,” Hayden said. “We throw the term 'cyberwar' at everything unpleasant.”
Additionally, one unique aspect sets cyberspace apart from other military domains, he said.
“God made the other four, you made the last one,” Hayden said. “God did a better job.”
While the physical world has mountains and other terrain that aid the military in their defense operations, the landscape of cyberspace only provides advantages to attackers, not those seeking to defend it. Fixing this problem, Hayden said, requires altering the architecture of cyberspace.
“You are going to build rivers and hills into the web,” he said. “You are going to create geography that is going to help the defense.”