Camp 2011 - Version 1.4
Chaos Communication Camp 2011
Project Flow Control
Speakers | |
---|---|
Jayson E. Street | |

Schedule | |
---|---|
Day | Day 2 - 2011-08-11 |
Room | Baikonur |
Start time | 16:30 |
Duration | 01:00 |

Info | |
---|---|
ID | 4488 |
Event type | Lecture |
Track | Hacking |
Language used for presentation | English |
Steal Everything, Kill Everyone, Cause Total Financial Ruin!
Or: How I walked in and misbehaved
This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on.
They say one picture is worth a thousand words. I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive, I also make sure that with every attack I highlight, I spend time discussing what would have stopped me. We need to know the problems, but we need more talks providing solutions, and that is what I hope people will get from this. I show the dangers of social engineering and how even an employee with no SE experience can be an eBay James Bond who can cause total financial ruin to a company. These security threats are real. So are these stories!
I talk about how there is only 1 fact that should concern a business: I am GETTING IN! No need to discuss defense; we are way past that!
I discuss the 2 rules I operate under: "I aim to misbehave" & "Let's go be bad guys". Notice nothing about audits or PCI, HIPAA or the Gramm–Leach–Bliley Act. I just want to do as much evil as I can get away with and what causes you the most harm; I could care less if you are 'compliant' on anything.
Those 2 rules give me these 3 outcomes, which I discuss in depth.
Steal everything: I show with actual pictures how I could steal purses, backpacks, cell phones, cars, laptops, etc. I also provide a real world story from the news showing it is not theory but known practice of thieves.
Kill everybody: I show pictures of mechanical rooms that I was able to get in. Pictures of the fire suppression and alarm systems I could have turned off, even a video of me walking into the back of a hotel, going to their hazardous chemical closet that was unlocked, and then walking unchallenged through the kitchen, where I could have used those chemicals to poison all the food and also start a fire with them. I also provide a real world story from the news showing it is not theory but known practice of killers and terrorists.
Cause total financial ruin: I will show offices of VPs and CEOs that I had access to and where I would have been able to steal company secrets and actual formulas that are the livelihood of the companies I breached. I also provide a real world story from the news showing it is not theory but known practice of corporations.
Countermeasures: With every outcome I provide the ways I could have been stopped and things that should have been in place that would have prevented me from carrying out any of these attacks. Some of the defenses are the same for everyone, though once again defense in depth is what could have saved the day.