Secrets of Superspies Ira Winkler, CISSP +1-410-544-3435.


1 Secrets of Superspies Ira Winkler, CISSP winkler@isag.com +1-410-544-3435

2 Copyright ISAG 2 The Second Worst Spy in the World

3 The Worst Spy in the World

4 They are Everything You Want
- They kill people
- They blow things up
- They infiltrate enemy positions
- Their enemies fear them

5 But…
- They kill people
- They blow things up
- Their enemies know who they are
- They always get caught

6 How Can You Miss This?

7 What Do Spies Really Do?
- They determine requirements
- They collect information
- They analyze information
- They re-evaluate their needs
- Collection is the apparent focus, but it is the requirements that are most critical

8 Science vs Art
- Hackers like to portray themselves as “artists”
- Spies are “scientists”
- There is a repeatable process to what they do which is required for expertise
- Ability vs. Practice vs. Training
- You need two
- No training makes you dangerous

9 Spies Protect Themselves From Other Spies
- Counterintelligence
- They know the tricks of the trade, so they know what to expect
- They know they have to be right 100% of the time, while their adversary just has to be right once
- There is nothing there about protecting computers for the sake of protecting computers

10 The Key
- Spies focus on Information
- Technology is only important in that it provides access
- Different classifications get different levels of protection
- While there is tremendous threat, the actual losses are relatively small

11 Risk
Risk = ( (Threat * Vulnerability) / Countermeasures ) * Value

12 Risk Broken Down
- Threat – Who or What is out to get you
- Vulnerability – Your weaknesses that allow the Threat to exploit you
- Value – Value of your information or services at risk
- Countermeasures – Measures taken to mitigate the Risk

13 What’s Important to You?
- People focus on the Threat
- Spies acknowledge the Threat is a given
- Threat is irrelevant
  – For the most part
- They focus on mitigating Vulnerabilities

14 Case Study #1
- Compromise of nuclear secrets
- Full scale espionage simulation
- No holds barred attack
- Multi-faceted attack
  – Open source research
  – Misrepresentation
  – Walk through facilities
  – Internal hacking

15 Background
- Organization is very large with a large central organization
- Had traditional security issues, but no major issues that they knew about
- Organization as a whole experienced massive layoffs
- Only one security manager at HQ, with an intern, and no unit security managers

16 [Diagram; extracted labels:] Restaurant Fishbowl Facility Access Unlocked Door Security Office Company Badge Fake Signature Locate Empty Office Ethernet Port Nuclear Reactor Designs Company Operator Graphics Department IP Address Proposal Prep Dept Enter Facility Simple Hack Audit Logs India Hack

17 Results
- Nuclear reactor designs compromised
- Emerging technologies compromised
- Production potentially compromised
- National security implications
- It was extremely simple
- ID card was unnecessary

18 Believe it or Not
- Critical compromises accomplished within a half day
- No reports of any activities
- India hack was previously unknown

19 Case Study #2
- Placement of a person as a temporary employee in a high tech firm
- Full scale industrial espionage simulation
- No holds barred attack
- Multi-faceted attack
  – Open source research
  – Misrepresentation
  – Walk through facilities
  – Internal hacking
  – Internal coordination of external accomplices

20 Background
- Company has many emerging developments
- Developments valued in excess of $10 Billion by Wall Street analysts
- Company has experienced several cases of industrial espionage
- Research mentality of openness causes an operational security nightmare
- Security manager is very well aware of the threat
  – Secures what he can

21 [Diagram; extracted labels:] Open Source Info Researcher Team Leader Meeting Minutes Business Manager Government Affairs User ID Password Critical Servers Knowledge as the Key Walk Through Portable Computer Internet Security Scanner Smart Card SLIP/PPP Vulnerability Scanner Inside Account & Accomplices TELNET Password File Prioritized Accounts Crack Phone Directory Accounts Manufacturing Information Other Sensitive Information Misc. Data Forgery Misc. Data Root Access NFS Manufacturing Data Patent Applications Other Sensitive Information “Everything a competitor may want on all but one top development.” Manufacturing Data Sensitive Data

22 Results
- All but one emerging development was seriously compromised
- Information valued in the billions of dollars
- Pending litigation posture compromised
- Patent applications compromised
- What else is there to say

23 Believe it or Not
- Critical compromises accomplished within one and a half days
- No reports of any activities
- They have much better than average security
  – Technical Security
  – Physical Security

24 Remember Risk
Risk = ( (Threat * Vulnerability) / Countermeasures ) * Value

25 Threat and Decisions
- The Vulnerabilities exploited were all preventable
- People are however fascinated by Threat
- It only takes bad intent to accomplish what was demonstrated
  – True for any attack
- Stop treating the bad guys as celebrities

26 What is a Spy’s Security Program?
- The implementation of Countermeasures
- Spies determine the Vulnerabilities that will most likely be exploited
- They then implement Countermeasures to mitigate the Vulnerabilities
- Defense in Depth

27 Optimizing Risk
[Chart labels: Cost, Countermeasures, Vulnerabilities, Risk Optimization Point]

28 Potential Loss Should Drive Budget
- Most security programs are determined by money available
  – Risk is a result, not a consideration
- Security program budgets should be a factor of Optimized Risk
  – Risk is the driver for the budget
- Remember, there is a great deal of ROI for most Countermeasures
  – There are only two ways to hack a computer

29 The Two Ways to Hack a Computer
- Take advantage of problems in the software
  – OS, applications, firmware
  – Your custom designed software
- Take advantage of configuration errors
  – The way users and administrators configure the systems

30 Why is Bristow the Worst Spy?
- She runs into good security programs
- She runs into redundant security measures
- The Countermeasures catch her
- She is not a real spy to begin with
- Alias actually demonstrates good security programs

31 Make Bad Movies
- The reason they are bad spies is because the producers want “good” movies
- They have to have dramatic tension
- Defense in Depth accomplishes this
- They want intrigue and sex
- I’m still waiting for that myself

32 Awareness Training Awareness

33 Summary
- The real spies are sadly better than Bond and Bristow
- Countermeasures should not result from budgets and vendor hype
- Information and services focus, not computer focus
- There should be Defense in Depth
- You must focus on Countermeasures that mitigate Vulnerabilities
- Realistic security is achievable
  – Just look at Bristow and Bond

34 For More Information

35 For More Information Ira Winkler, CISSP, CISM ira@isag.com +1-410-544-3435

