DeepSec has a tradition of holding a „night talk“. This is the last talk on the first day, just before the Speaker’s Dinner. Don’t let the expectation of good Austrian food fool you. Morgan Marquis-Boire will serve you an appetiser which may be hard to digest: Armageddon Redux
The talk is a follow-up on Morgan’s Fear, Uncertainty and the Digital Armageddon talk held at DeepSec 2008. During the past years security researchers have been warning about attacks on fundamental infrastructure. The ghosts and dæmons haunting SCADA systems lead to scary scenarios portraying a failing civilisation. At the time, there was significant worry about the danger that digital sabotage posed to the systems that run our everyday lives. Take a look at the recent Tōhoku earthquake and tsunami in Japan and its impact on industrial control infrastructure. While this event wasn’t created by Black Hats (yet!), it shows what happens if infrastructure breaks down (in terms of power grid and networks we’re used to relay information on).
It appears that our threat landscape has changed considerably since then and that the Internet (and by proxy the world?) is a significantly more dangerous place. Cyberwar, Stuxnet, and APT have become common industry buzzwords. Malware has become prevalent on platforms other than windows, and it seems like every month or so another security company suffers a high profile compromise or data leak. Are we really hurtling towards the Infocalypse? An age where the Internet is mainly a conduit for espionage and organised crime? Or is this simply hype in a industry obsessed with $/€/¥/￡? This talk will examine aspects of the security arms race occurring today, one that is both digital and ideological.
We haven’t turned into a conference of security philosophers. We just feel that there is a need to explore potential consequences and to (re)evaluate the risks that attack tools combined with (infra)structural vulnerabilities can create. If the face of Digital Doom keeps changing, our mindsets should do so, too.