Thanks for attending DeepSec 2015!

DeepSec 2015 is over. We had a fantastic time, great presentations, lots of conversations about the state of information security, and many other issues. You can do a lot more when you are not lost in a big crowd, not being able to connect to speakers, sponsors, and fellow IT security enthusiasts.

A big thank you to all our speakers, attendees, trainers, supporters, staff, sponsors, partners, and the IT security community! See all of you in 2016!

Terrorism – No Time for Backdoors

Every successful project needs proper planning and good project management. You probably know this from your business life. Projects can’t be done without tools for communication. We all use these day by day. Email, telephone, collaboration platforms, social media, instant messengers, and more software is readily available. Access to communication tools has spread. Exchanging messages has also evolved a lot since the 1990s. Given the diversity of the Internet, messages are now encrypted (hopefully). It is a very basic defence that leaves third parties, such as Eve, unable to eavesdrop on the conversation. Especially when you do business and talk money, encryption is your closest friend. Why else would you meet indoors and control the access of persons to your office space? Why not discuss business internals while riding public transport? Some people do, but usually you do not.

Working encryption has no backdoors, no known weaknesses, and no maintenance hatch to bypass the algorithm, the keys, or any internals. In an ideal world only the communication partners can decrypt and therefore access the content of a conversation. This property is called end-to-end encryption. Every communication system lacking these basic features is not intended for secure communication. Period. There is nothing to discuss. Either you want secure communication or you don’t. There is no middle ground.

So what about access to encrypted communication, and therefore data, for law enforcement and intelligence services? Should there be exceptions? No. Crypto still is one of the building blocks of security, IT or otherwise. Once you start removing bricks from the foundation, your house will collapse. Your data, your messages, both will be buried alive by rubble.

There is another way. Consider a terrorist attack as a project. All projects are driven by deadlines. Thus terrorist attacks need a crucial ingredient to work: devices to keep track of time. Don’t allow clocks, wrist watches, stop watches, hour glasses, and similar devices. Any device capable of keeping track of time must not display it correctly. Ban the publication of timetables for train stations and airports. Add random time periods to decrease the accuracy to a resolution of a few hours. We must not allow hardware and software to display seconds or minutes any more. Keep it safe.

It’s a small price to pay for the desperately needed extra security, don’t you think?

Thanks to SEC Consult for sponsoring DeepSec 2015!

The Austrian SEC Consult is an international leader in application security services and information security consultancy. SEC Consult’s competence in improving the application security of enterprise applications supports major international banks, government organizations and global software vendors. When it comes to information security, it doesn’t get any more in-depth than that. SEC Consult has supported DeepSec ever since the first conference in 2007. We are very grateful for their contribution, and we appreciate their serious attitude when it comes to finding vulnerabilities or educating IT staff how to avoid making mistakes.

Sec Consult staff will be at the conference. Make sure to drop by their booth and have a chat with them. They don’t avoid questions, and they always listen when you speak your mind. Don’t miss this opportunity!


Endangered Species: Full Disclosure in Information Security

History, fictive or real, is full of situations where doubts meet claims. Nearly every invention, every product will be eyed critically, analysed, and tested. There are even whole magazines fully dedicated to this sport, be it, for example, consumer protection, reviews of computer games, or the car of the year. When it comes to testing, the sector of information security is particularly sensitive.

Depending on the hard- or software concerned, testing is not only about comfort or in search of a particularly good storyline, but about incidents, which can cause real damage in the real world. How should one deal with the knowledge of a design flaw affecting the security of a system?

In 1851 the American locksmith Alfred Charles Hobbs visited the Great Exhibition in London. He was the first to pick the Chubb lock, which was on display at the Crystal Palace: it took him 25 minutes, without damaging the lock. Furthermore he even opened the Bramah lock, which was believed to be impregnable. This incident led to a national crisis of England’s lock engineers. Naturally some doubted Hobbs’ skills. Did he really open the lock? Was this some kind of trickery? Would these locks really prevent anybody from breaking in?

In the end Hobbs’ demonstrations led to a rethinking and better design of lock mechanisms. The Bank of England replaced all their Chubb locks and used other makes instead. When asked whether it would be wise to publish vulnerabilities, Hobbs himself replied with the following sentence: “Rogues are very keen in their profession and know already much more than we can teach them.”

Responsible / Coordinated / Full / Non Disclosure
150 years later the situation has not much changed for the better. Systems still have their vulnerabilities, and clever researchers ferret them out. But how should we deal with these findings? In dealing with this question there are adherents of different schools of thought on information security. Basically there are three strategies.

Those who believe in Non Disclosure don’t want to publish any vulnerability, or at most, if need be, only under a mutual confidentiality agreement. The idea is to hide any information from potential enemies and thereby to prevent attacks.

Full Disclosure means the opposite. Knowledge about vulnerabilities is spread as soon and as wide as possible. This open approach enables affected persons to react and adapt to the new found threat.

The fair middle ground, and the third strategy, is called Responsible or Coordinated Disclosure.
First only the producer and developer get informed about a found vulnerability, and the find will only be published publicly when there’s already an update available to solve the problem. Afterwards all or at least some details about the vulnerability will be published too.

To provide no one with information is the worst way to deal with a possible threat for sure.
This leaves us with two viable – and hotly disputed – options. Most of the time producers patch errors only when they are under pressure. Bugs revealed to the public under responsible or coordinated disclosure very often already have had a long processing time (sometimes years, no kidding). A fact not acceptable to many security researchers, which has led to a lot of disputes between them and affected companies, some of them carried out in court. Sadly the ones who suffer from the current state of affairs are almost exclusively the users and customers.

Enter TPP, TTIP and TISA
WikiLeaks has published an article on “Intellectual Property” (IP) in the Trans-Pacific Partnership (short TPP). The Agreement contains some controversial points that threaten to render future research in the field of information security impossible or at least make it very risky. For example, TPP doesn’t allow the circumvention of Digital Rights Management (DRM), up to the point where even tinkering with files or devices that contain copyrighted parts can be punished as a violation of Digital Rights, even if it does not include copyright infringement. And if there is a deliberate or commercial intention, it can be prosecuted. It does not take much imagination on the part of rights holders to fight off any effort by security companies: after all, the security companies act intentionally and out of commercial interest – a fact that can now be easily used by the rights owner to argue for Non Disclosure.

Under TPP it’s also possible to let all the materials and tools that have led to the violation of the “Intellectual Property Rights” be destroyed by the authorities. Just imagine all media and computer systems of an IT Security company seized and destroyed after its appearance at a trade show, just because it has reported a vulnerability.

But TPP is not only about copyright. Trade secrets get an upgrade too. The Agreement criminalizes “[Those Who Gain] unauthorized, willful access to a trade secret held in a computer system”. No matter the circumstances: Thus, if you find ways of accessing a computer system during an investigation, you should wipe the doorknob, hurry up, and just ignore it to minimize the risk of being sued. To report it is already risky. Of course, companies engaged in security checks normally receive permission from their customers to access their data, but this is not always true for researchers who test hardware and software for vulnerabilities. Which brings us back to non disclosure.

It can safely be assumed that the Transatlantic Free Trade Agreement (short TTIP) will be quite similar to TPP. And there’s also the Trade in Service Agreement (TISA) currently under negotiation. Published leaks from the agreement include prohibitions on regulations that favour non-proprietary software. But if proprietary systems were used exclusively in all areas, security researchers would automatically have to commit copyright infringement just to do their job. Which leads us back to the regulations already discussed above.

Free IT Security
To the benefit of all, IT security researchers must be able to move freely. (Hopefully) nobody thinks it better not to repair weak spots in airplanes, medical equipment, or power plants just to let sleeping dogs lie. All systems can contain errors. There is no exception. Testing for failure and proposals for the improvement of systems are vital to build, maintain, and enhance security architectures. If treaties and laws override this vital rule, we have truly cyber-apocalyptic times before us.

Debugging Information Security: Self Defence for Entrepreneurs

In our economy data leaks are a constant companion. That’s the impression one gets when reading the news. Customer portals, online shops, digital communications, plans of products, personnel data, and more can be found in department stores throughout the shadow economy. Blind faith in global networks has indeed suffered in recent years, but companies and individuals still have a partially carefree attitude when it comes to the imminent risk their data is exposed to. “Who cares about our data?”, is often said. This year’s DeepSec IT Security Conference has some very specific answers to this question.

Duncan Campbell and James Bamford open IT Security Conference in Vienna

Duncan Campbell is a freelance British journalist, author, and television producer. Since 1975 he has specialized in intelligence and security services, defence, policing and civil liberty rights. In his opening speech he is going to illustrate how even producers of harmless products, such as rubber ducks for the bathtub for example, can become the target of criminals or an organized attack. But it’s no longer just about individual companies. The steady progress of networking leads to events, which can be met only with a professional risk analysis. Nothing on the Internet is meaningless. Every single bit of information can be used for attacks. In defence, the IT staff in charge must muster at least as much creativity as their opponents.

James Bamford also talks about the impact of technological possibilities on companies’ daily lives. He gives a lecture on the world-famous wiretapping scandal in 2005 concerning Vodafone Greece. At the time, intruders compromised the lawful interception systems for telecommunications surveillance in order to eavesdrop on the mobile phones of Greek politicians and security forces. The investigation proved to be difficult, and only in February 2015 was an arrest warrant for a suspect issued. James Bamford will tell you all about the case, putting it into the context of economic espionage.

Even if you’re not opposing the omnipotence of services, there’s no denying that Big Data has also found its way into the hands of attackers. It is both an end in itself and a means to an end: to spy on rivals, and ultimately to elegantly finish them off.

Entrepreneurs need to move with the times

IT Security conferences are no longer just for technicians. Ever since the discovery of the Stuxnet computer worm, malware has made its mark on politics. Today networks, especially the Internet, are part of the infrastructure of all companies, from small, individual entrepreneurs to large corporations. The Internet of Things weakens the defence even further, because now vulnerabilities come as a bargain: freely delivered with cheap household appliances and consumer electronics. Thus, like vulnerabilities, Information Security has to become mainstream.

Therefore, the DeepSec conference makes every effort to bring together all those who are concerned – international security professionals from academia, government, industry, and the underground hacking community, customers and companies, researchers and entrepreneurs – in order to allow the participants to look at problems and their solutions from different angles.

Join in and visit the 9th DeepSec Conference!
It will take place on 19th / 20th November 2015 in Vienna.
Prior to the conference, on the 17th / 18th November there’ll be workshops on topics of IT security, which we highly recommend in order to stay in shape, knowledge-wise.

About our Opening Speakers

James Bamford is an American best-selling author and journalist who became known for his writings on US intelligence agencies, in particular the National Security Agency (NSA). Bamford has, among others, written for renowned newspapers such as The Washington Post, the Los Angeles Times, the New York Times Magazine, The Atlantic and Harper’s Magazine. Moreover, Bamford worked as a producer of ABC World News and for several years as a guest lecturer at the University of California, Berkeley. In 2006 he won the National Magazine Award for his article “The Man Who Sold The War”, which was published in the Rolling Stone Magazine.

For over three decades, Duncan Campbell researched and produced detailed reports for television, print and online media. His contributions to issues such as state secrets, economic crime and medical fraud gained him not only prizes and critical acclaim but also brought him some legal challenges. His best-known investigations led to major disputes with the British government. He was prosecuted under the Official Secrets Act in the “ABC trial” in 1978. In 1987, he designed the controversial series “Secret Society” for the BBC (see Zircon affair). And in 1988 he revealed the existence of the Echelon program. In addition, Campbell has made a name for himself as a forensic expert in the field of computers and communication data.

DeepSec 2015 Talk: Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks – Mordechai Guri & Yisroel Mirsky

Air does not conduct electricity, usually. Using air gaps between parts transporting electric power by high voltages is a standard method in electrical engineering. Similar strategies are used in information security. Compartmentalisation can be done by network components, logical/physical separation, solid walls, and space filled with air. The only threats you have to worry about are wireless transmissions. Since mobile phone networks permeate our private and business life, access to wireless networks is everywhere. Unless you live in a cave, literally. Mordechai Guri and Yisroel Mirsky have found a way to use cellular frequencies as a carrier in order to transport data out of an air-gapped environment. They will present their results at DeepSec 2015.

Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems has been demonstrated in recent years, exfiltration of data from air-gapped networks is still a challenging task. In this talk we present GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies. Rogue software on an infected target computer modulates and transmits electromagnetic signals at cellular frequencies by invoking specific memory-related instructions and utilizing the multichannel memory architecture to amplify the transmission. Furthermore, we show that the transmitted signals can be received and demodulated by a rootkit placed in the baseband firmware of a nearby cellular phone. We present crucial design issues such as signal generation and reception, data modulation, and transmission detection. We implement a prototype of GSMem consisting of a transmitter and a receiver and evaluate its performance and limitations. Our current results demonstrate its efficacy and feasibility, achieving an effective transmission distance of 1-5.5 meters with a standard mobile phone. When using a dedicated, yet affordable hardware receiver, the effective distance reached over 30 meters. We will extend the discussion to other methods of bridging the air-gap (e.g., thermal covert-channels), countermeasures and future directions.

The wireless spectrum is the major blind spot of enterprises and organisations of all kinds. In today’s environment closing the door and lowering the shutters won’t give you any extra protection. We recommend this talk for anyone dealing with defence and fighting against data leaks. The bandwidth of GSMem might not be broadband, but given enough time it will get the job done. Voyager 1 and 2 are still transmitting, and so might be the attacker in your network.


Mordechai Guri is an accomplished computer scientist and security expert with over 20 years of practical research experience. He earned his BSc and MSc, Summa Cum Laude, from the computer science department at the Hebrew University of Jerusalem. Guri is a lead researcher and lab manager at the Ben Gurion Cyber Security Research Center and has been awarded the prestigious IBM PhD International Fellowship (2015-2016). In the past few years Mordechai has led a number of breakthrough research projects in cyber-security, some of which have been published worldwide. His research topics include OS security, advanced malware, Moving Target Defense (MTD), mobile security and embedded systems. Mordechai is also the Chief Scientific Officer and Co-Founder of the start-up company Morphisec.


Yisroel Mirsky received his B.Sc. in Communication Systems Engineering from the Jerusalem College of Technology in 2013. He is now a Ph.D. student at Ben-Gurion University in the Department of Information Systems Engineering. He is doing his Ph.D. under the supervision of Prof. Bracha Shapira and Prof. Yuval Elovici. His research interests include smartphone security, context-aware data leakage prevention, and covert channels. He is currently managing a research project at the BGU Cyber Security Research Center.

MJS Article: The Compromised Devices of the Carna Botnet by Parth Shukla

Last year we talked about publishing the proceedings of past DeepSec conferences with a collection of articles covering presentations held in Vienna. We would like to introduce Parth Shukla, who presented a report of the devices compromised by the Carna Botnet.

This article will showcase the latest analysis and the progress of industry collaboration on the problem of Internet facing devices that have default credential logins through telnet. The Carna Botnet, which was used to perform the first-ever map of the Internet – Internet Census 2012 – highlighted a major information security concern with devices that allow default credential login from the Internet by default. For more information on the Internet Census 2012, please refer to the anonymous researcher’s paper.

A complete list of compromised devices that formed part of the Carna Botnet was obtained exclusively by Parth Shukla. This list is NOT publicly available from any source. This data was acquired directly from the anonymous researcher who performed the Internet Census. As confirmed by the researcher, AusCERT to date remains the only organization and researcher in the world that has the complete dataset. Relevant snippets of this data, however, have been provided to CERTs around the world in order to reduce the threat made explicit by the Carna Botnet.

This article will provide a detailed analysis of all the different identifying information for each of the compromised devices that formed part of the Botnet. This detailed analysis will showcase the prevalence of easily-exploitable devices in different countries, regions and in different manufacturers. The ultimate aim of this article is to continue to draw public awareness to the larger concerns faced by information security professionals worldwide. Hopefully, this awareness will persuade manufacturers and even local ISPs to collaborate and address this problem. The Carna Botnet reminds us all that there are numerous, simpler vulnerabilities at risk of exploitation and in need of immediate attention.

The contents of this paper were first released to AusCERT members on 20 August 2013 and to the public on 25 August 2013.

You can download the full article from the Magdeburg Institute for Security Research.

Special Screening of the Documentary “A Good American” during DeepSec 2015

Attendees of DeepSec 2015 will receive a special treat. We have been talking to Friedrich Moser, and he has agreed to show his documentary „A Good American“ on 20 November 2015 exclusively. The private screening will take place in Vienna. It starts at 2100 at the Burg Kino, known for showing „The Third Man“. „A Good American“ explains how to do threat intelligence in a more efficient way, according to the creator of ThinThread:

„A codebreaker genius, a revolutionary surveillance program and corruption across the board of NSA. Against this backdrop unfolds the feature documentary A GOOD AMERICAN. The film tells the story of Bill Binney and his program ThinThread and how this perfect alternative to mass surveillance got ditched by NSA for money.“

After the film Friedrich Moser, Duncan Campbell, James Bamford, and Bill Binney will answer your questions directly at the Burg Kino. Don’t miss this chance! Seats are limited!

DeepSec 2015 Keynote: Can Societies manage the SIGINT Monster?

Gathering data has become very important in the past years. Everyone is talking about intelligence of all shades, few know what it actually means and how you do it properly (we got a workshop for that, if you are interested). Information security needs to anticipate threats and adapt the defences accordingly. The same is true for other areas where security plays an important role, such as national defence. There are also new threats. Surveillance systems expand steadily, and the facts about them were published after 2013. The impact affects all of us, especially companies moving data around and communicating digitally. Although it is difficult to gauge what it means for your daily business, you should not close your eyes and assume that it is somebody else’s problem. We have asked Duncan Campbell to paint a picture of the current state of affairs. Try to see yourself in it, and deduce what it means for your business and customer relations.

Behind closed doors, ubiquitous surveillance systems have evolved in parallel to and hidden within the global communications infrastructure. Developments in signals intelligence (SIGINT) technology and tradecraft have shadowed all new telecommunications developments. SIGINT agencies have covertly sought to lead, change, and subvert arrangements that IT practitioners make for security and privacy.

Partly in consequence, in this decade, we have entered a period of frequent massive and damaging data losses.

Within the closed world of intelligence, leaked material suggests, there has been an arrogance born of lack of challenge and scrutiny and perhaps most tellingly summarized by the hubris that “Nobody But Us” (NOBUS) could be clever enough to do what they do breaking into computers and systems.

Duncan Campbell has spent 40 years bringing the secrets of SIGINT into the open, facing imprisonment and decades of official harassment. He has also worked as a computer forensic expert, looking inside terrorists’ computers, which he presented at DeepSec in 2011.

In this talk, he will review the history of mass electronic surveillance in the post Edward Snowden world, and the technical challenges that can be examined with the benefit of new information.

The scale and intrusiveness of what has been found baked into the Internet has taken everyone by surprise. But there was no magic at work. Instead, the security of the Internet and all connected to it has been broken by familiar, understandable techniques and technologies. Now we know their names.

In the transitions from analogue to digital, from the first days of C2C (“computer-to-computer”) spying to DNI (Digital Network Intelligence) today, from the first automated surveillance system to today’s multinational behemoths, common tools are still in use 50 years after they were first invented. This talk will help dissect the obscure tradecraft terms that mask and obfuscate how SIGINT works.

What can be achieved by understanding the evolution of SIGINT tradecraft?

In particular, can “mass surveillance”, which advocates prefer to call “bulk collection” and justify as needed for target development, be managed by technical means, within an open, regulated society?

Need the frequently cited tradeoff between security and privacy be a zero sum game?

What can we learn from looking through the new doors on the dark world of communication intelligence?

We recommend Duncan’s keynote for everyone working in information technology. When you plan your defence, you should start with threat modelling; and the facts about surveillance cover the very infrastructure your IT department relies on. It doesn’t stop there, so make sure you get a good look at the Big Picture.

Duncan Campbell is an investigative journalist, author, consultant and television producer specialising in privacy, civil liberties and surveillance issues. His best-known investigations led to major legal clashes with successive British governments. Campbell now also works and is recognised as a forensic expert witness on computers and communications data. He has provided specialist testimony in over a hundred criminal and civil cases and has given evidence to the House of Commons and the European Parliament on surveillance legislation. For over three decades, he has produced and researched in-depth reports for television, print and online media. His award-winning work into topics including government secrecy, corporate crime and medical fraud has earned critical acclaim and provoked legal challenges. He has published on a wide range of subjects in leading UK newspapers including the Guardian, Observer, Sunday Times, Independent, Mail on Sunday, Daily Express.

Thanks to University of Applied Sciences Upper Austria for sponsoring DeepSec 2015!

Since information security experts don’t grow on trees, we maintain close relationships to academic partners. The science in computer science has to come from somewhere. So we are very happy to welcome the University of Applied Sciences Upper Austria among the supporters of DeepSec 2015.

The University of Applied Sciences Upper Austria is a national leader in its field. They offer internationally recognised, practice-oriented degree programmes at four locations in the heart of Upper Austria. As part of their commitment to developing international links, they maintain contacts with some 200 partner universities around the world. How’s that for an open mind? One of their major focuses is the national economy, and their research and development centres are continually developing cutting edge products for a wide range of practical applications. This solid combination of theory and practice has brought the University of Applied Sciences Upper Austria regional and nationwide acclaim.

Take a look at their research programmes and ask questions. Or ask us so we can ask them.

Thanks to for sponsoring DeepSec 2015!

The Austrian Computer Emergency Response Team ( is the primary contact point for IT-security in a national context. When things go wrong and point to organisations, companies, or private persons in Austria, then can help. Their team is instrumental in informing businesses about incidents, thus helping IT staff to respond quickly to attacks. When it comes to fixing the damage and removing compromised hosts from the Internet, you want every bit of information as soon as possible. There you go. is a long-time supporter of DeepSec events. We are glad to welcome them among the sponsors of DeepSec 2015! Make sure to pay them a visit, because they always present cool stuff at their booth. They are keen to answer your questions, so bring loads of them. Also bring coffee, because you will learn something when talking to them. Promised!


Thanks to UBIT Vienna for sponsoring DeepSec 2015!

The Austrian Economic Chambers are the voice of Austrian companies and support their business throughout the years. The specialist group UBIT Vienna is the professional association of business consultants, accountants and IT service providers within the Viennese Chamber of Commerce. With around 20,000 members UBIT is one of the largest Austrian trade groups. The services and consulting activities of UBIT’s members form an important basis for securing and further developing the business location Vienna. The rapid growth of this specialist group reflects the importance of the three occupational groups UBIT consists of: Around 65% of UBIT members work as one-person companies and nearly half of the companies were founded in the last five years.

UBIT Vienna is supporting the DeepSec 2015 conference. Get in touch with their representatives attending DeepSec if you look for contacts to Austrian IT companies.


DeepSec 2015 Talk: A Death in Athens: The inherent Vulnerability of “lawful Intercept” Programs, and Why all Government authorized Backdoors are very dangerous – James Bamford

Some of you might remember the „Athens Affair“. In 2005 Ericsson found backdoors in the lawful interception systems of Vodafone Greece. The software on these modules was altered to successfully wiretap phone numbers without detection. When one of the tapped phones made or received a phone call, the exchange, or switch, sent a duplication of the conversation to one of fourteen anonymous prepaid mobile phones. The incident sparked an investigation, and Vodafone Greece was fined millions of Euros for breaching privacy laws. In February 2015 the Greek authorities issued a warrant for a suspect linked to the NSA.

Lawful interception (LI) capabilities are mandatory for telecommunication equipment. In Europe the technical requirements and standards are developed by the European Telecommunications Standards Institute (ETSI); the 3rd Generation Partnership Project (3GPP) maintains the part relevant for mobile phone networks. There have been a lot of discussions about the implications of putting LI interfaces into the infrastructure. Once you gain access to the LI systems, you get full access to communications without being detected by the communication end-points. James Bamford will hold a presentation at DeepSec 2015 about these concerns. He will use the „Athens Affair“ as the background.

I will discuss the “Athens Affair,” the subject of a recent investigation by me in The Intercept. In 2004, the NSA and CIA worked secretly with the Greek government to subvert Vodafone and other telecom companies in order to conduct widespread eavesdropping during the 2004 Athens Summer Olympics. The NSA agreed, however, to remove the spyware once the games were over. But rather than remove it, they instead secretly turned it on the top members of the Greek government and members of the Greek public, including journalists. When the covert operation was accidentally discovered, however, a Vodafone engineer involved was found dead, either by suicide or murder, and the death was officially connected to the bugging operation. I will show how the operation was pulled off, by recruiting an inside person, then subverting the company’s “lawful intercept” program, and transferring the data back to NSA headquarters at Fort Meade. The episode demonstrates the enormous vulnerability of widespread “lawful intercept” programs, and government backdoors in general, and also how the NSA often uses a “bait and switch” in its operations – promising to help find terrorists, but really spying on the host government and local population instead.

If you use modern communication technology, you cannot ignore lawful interception, just as you cannot ignore illegal interception. It really doesn’t matter why someone eavesdrops on your phone calls, emails, or data transmissions. You need to know what the infrastructure you are using is capable of. This is crucial for planning and implementing your defence. Don’t use any network out there blindly. Secure lines are harder to set up, and sometimes it’s well worth the effort.

We recommend James’ presentation for everyone using communication. No exceptions!

James Bamford is a columnist for Foreign Policy Magazine, a contributor to Wired magazine, a documentary producer for PBS, and a bestselling author. He is widely noted for his writing about the United States intelligence agencies, especially the highly secretive National Security Agency. The New York Times has called him “the nation’s premier journalist on the subject of the National Security Agency.” And in a lengthy profile, The New Yorker referred to him as “the NSA’s chief chronicler.” His most recent book, The Shadow Factory: The Ultra-Secret NSA From 9/11 to The Eavesdropping on America, became a New York Times bestseller and was named by The Washington Post as one of “The Best Books of the Year.” It is the third in a trilogy by Mr. Bamford on the NSA, following The Puzzle Palace (1982) and Body of Secrets (2001), also New York Times bestsellers.

In September 2014 he wrote a cover story for Wired magazine based on his three days in Moscow with fugitive NSA whistleblower Edward Snowden, the longest any journalist has spent with him there. In addition, he has written for the New York Review of Books, New York Times Magazine, The Atlantic, Harpers, Rolling Stone, and many other publications. In 2006, he won the National Magazine Award for Reporting, the highest honor in the magazine industry, for his writing in Rolling Stone on the war in Iraq. He also writes and produces documentaries for PBS, including The Spy Factory, based on his most recent book, which was nominated for an Academy Award in 2010. His most recent documentary for PBS, Cyber War Threat, aired on October 14, 2015.

Throughout the 1990s, Mr. Bamford served as the Washington Investigative Producer for ABC’s World News Tonight with Peter Jennings, where he won a number of journalism awards for his coverage of national security issues. In 2005, he released A Pretext for War: 9/11, Iraq and The Abuse of America’s Intelligence Agencies, an examination of the intelligence community from the attacks of September 11 to the war in Iraq, which was also a bestseller.

Mr. Bamford holds a Juris Doctor degree; was awarded a Polymer fellowship at Yale Law School; received a postgraduate diploma in International Law from the Institute on International and Comparative Law, Université Panthéon Sorbonne; and taught at the University of California, Berkeley’s Goldman School of Public Policy as a distinguished visiting professor. He has been a member of the defense team in a variety of high profile espionage and whistleblower cases, including the case involving NSA whistleblower Thomas Drake. He currently lives in Washington, DC after four years in London.
Twitter: @WashAuthor.

Nikhil Mittal has two Black Hat Europe passes for his attendees

Nikhil Mittal offers two passes for Black Hat Europe, Amsterdam, Nov. 10-13 for his workshop attendees at our DeepSec in Vienna. If more than two are interested we will hold a raffle or a sweepstake.

Workshop: PowerShell for Penetration Testers

Deadline is in two weeks, when we make final decisions about our workshops.

So if you are interested in PowerShell and have spare time in November, it’s a good time to book for DeepSec and visit Black Hat Europe for free:

DeepSec Registration


Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include penetration testing, attack research, defence strategies and post-exploitation research. He has 6+ years of experience in penetration testing for his clients, including many global corporate giants. He is also a member of the red teams of selected clients.

Best regards,

The DeepSec Team


DeepSec Talk: Got RATs? Enter Barn Cat (OSint)

We are happy to have John Bambenek (Fidelis Cybersecurity & SANS Internet Storm Center) on stage to present his new Open Source Intelligence Project Barn Cat.

OSINT Barn Cat: Mining Malware for Intelligence at Scale

I like the name of the project: Barn cats are the best mousers and this new project is targeted to catch (not only) RATs. In reality we have a hard time keeping track and ensuring up-to-date signatures, with half a million unique samples pouring into the analysis machinery of the AV industry and signature producers every day.

Barn Cat has a new approach: Instead of learning from scratch every time what a new mouse looks like, Barn Cat monitors the criminal infrastructure to detect undesired activity in your network. It’s like a true barn cat crouching in front of the mouse-hole: Everything coming out of there is lunch, no matter whether it’s grey, brown or speckled. If we only knew which mouse-holes to watch…

OSint Barn Cat will look for the C&C and drop-zone configuration within malware samples to build a close-to-realtime open source database of the mouse-holes to watch. Want to know more? Visit us in Vienna!

Bon Appetit and hope to see you next month at the DeepSec,