DeepINTEL Report: The view from Vienna: OPSEC, Iran’s cyberpower, and tech decoupling

René Pfeiffer/ November 30, 2022/ DeepIntel, Security Intelligence

We are a bit late with the summaries from our event. Let’s start with some public information from DeepINTEL 2022. The conference is a closed event where security experts can openly discuss updates on threats, capabilities of potential adversaries, and all kinds of intelligence information related to information security. Steph Shample, an expert from the Middle East Institute (MEI), gave an update on Iran’s capabilities in past and present APT, cybercrime, ransomware, and cryptocurrency. The connections of Iran with China and Russia were discussed, too. Given the invasion of Ukraine, Russia is trying to get support for its digital operations. Mohammed Soliman, also from the Middle East Institute, presented his research on the technology containment strategy by the US administration. The stance regarding 5G serves as a blueprint. It is important to emphasise that

DeepSec 2019 Talk: Techniques and Tools for Becoming an Intelligence Operator – Robert Sell

Sanna/ September 23, 2019/ Conference, Security Intelligence

In this talk at DeepSec 2019, Robert will introduce the various operations that Trace Labs has performed to help illustrate Open-Source Intelligence (OSINT) techniques used in finding details on real human subjects. Trace Labs is a non-profit organization that crowdsources open source intelligence to help law enforcement find missing persons. Trace Labs is non-theoretical and its members are conducting OSINT on real people. Robert lifts the curtain on successful OSINT techniques that can be used to pull up important information on individuals. Many of the slides show specific tools and techniques that can immediately be used to improve your OSINT results. The talk starts with a brief introduction to Trace Labs and its mission of helping law enforcement through crowdsourced open source intelligence. It then moves into a technical discussion on how to

DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics

Sanna/ September 5, 2019/ Conference, DeepIntel, Press, Schedule, Security, Security Intelligence

(Original press release was published on 29 August 2019 via pressetext.com) Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same

DeepINTEL 2018 Talk: Framing HUMINT as an information gathering technique – Ulrike Hugl

Sanna/ November 20, 2018/ DeepIntel, Security Intelligence

NATO defines human intelligence (HUMINT) or hyoo-mint as “a category of intelligence derived from information collected and provided by human sources” (NATO Glossary of terms and definitions, APP-6, 2004) focusing on different kinds of information, for example data on things related to a human, information about a human’s specific knowledge of a situation, and other issues. HUMINT is differentiated into several categories like clandestine and overt collection. It is also one of several traditional intelligence collection disciplines, the so-called INTs; examples are SIGINT (signals intelligence), OSINT (open source intelligence), MASINT (measurements and signatures intelligence), GEOINT (geospatial intelligence), TECHINT (technical intelligence), SOMINT (social media intelligence), FININT (financial intelligence, gathered from analysis of monetary transactions), as well as CYBINT/DNINT (cyber intelligence/digital network intelligence, gathered from cyberspace). Intelligence Services deal with the analysis and collection of

DeepINTEL 2018 Talk: Cyber Threat Intelligence – The Next Era of Cyber Security? – Markus Auer

Sanna/ November 5, 2018/ DeepIntel, Security Intelligence

The DeepINTEL security intelligence conference focuses on threats, indicators of compromise, and strategic counter measures. Information security is more than superficial. This is why we have asked Markus Auer to hold a presentation at DeepINTEL (28 November 2018). He explains his ideas in short: We are tired of adding new products to our ever-growing security structure. Although this has been a common practice for years, it does not bring lasting success. Attacks continue to occur – faster, more comprehensively and with much greater impact and rising costs. Despite all protection levels and measures, the current security approach fails. We want to stop the expansion and purchase of more reactive products that are targeted to the recent attack. Instead, security operations should be improved by aligning existing security technologies and teams and using the information

DeepSec 2018 Talk: Information, Threat Intelligence, and Human Factors – John Bryk

Sanna/ September 21, 2018/ Conference, Security, Security Intelligence

“Across the ICS spectrum, organizations are gathering threat data (information) to protect themselves from incoming cyber intrusions and to maintain a secure operational posture.”, says John. “Organizations are also sharing information; along with the data collected internally, organizations need external information to have a comprehensive view of the threat landscape. Cyber threat information comes from a variety of sources, including sharing communities such as Information Sharing and Analysis Centers (ISACs), open-source, and commercial sources. Immediately actionable information is mainly low-level indicators of compromise, such as known malware hash values or command-and-control IP addresses, where an actionable response can be executed automatically by a system. Threat intelligence refers to more complex cyber threat information that has been subjected to the analysis of existing information. Information such as different Tactics, Techniques, and Procedures (TTPs) used over

New date, same Location: DeepINTEL 2018 has been moved

René Pfeiffer/ August 10, 2018/ Administrivia, Call for Papers, Security Intelligence

The DeepINTEL 2018 has been moved in time, not in space. DeepINTEL 2018 will take place on 28 November 2018. The day is the second day of trainings at DeepSec. DeepINTEL will be in parallel, and it will be for one day instead of the original two days. We had to move it because of organisational constraints. By moving DeepINTEL we hope to create a better placement for the security intelligence platform. In addition, the DeepINTEL Call for Papers is easier, allowing trainers and speakers at DeepSec to contribute to the aspect of DeepINTEL with specific content. In case you have some content for us: the focus for 2018 is stealthy and persistent attacks. This is the classic espionage attack vector, only with modern means. Ubiquitous networking, complex trust-relationships, and the increased flow of information

How the BND monitors Communication in Austria

Sanna/ July 12, 2018/ High Entropy, Security Intelligence

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience.]

How the BND monitors communication in Austria

At the most important connection to the Frankfurt node DE-CIX data streams from Austria are copied in their entirety to lines of the BND. Selected results of their evaluation are returned by the BND to the Austrian Army Intelligence Office in Vienna.

by Erich Moechel for fm4.orf.at

The reaction of the Austrian government regarding the publication of a list of targets of the German Federal Intelligence Service (BND) in Austria has caused surprise and amusement amongst intelligence experts. The general tenor: Either the Austrian government really has no idea how

Big Data Analytica – What Attackers might be after

René Pfeiffer/ June 8, 2018/ Discussion, High Entropy, Security Intelligence

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly, the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contain lots of rights – which you give to the owner of the platform. Once something is concentrated, cached, and accessible to digital evaluation, it will be harvested for its content and context. It’s as simple as that. This has always been the case. Penetration testers (best case) select their targets based on this criterion (among others). What has all of this to do with information security? Well, information security, just like the social media platforms, can’t do without analysing data. The difference is how to protect and

Advanced and In-Depth Persistent Defence

René Pfeiffer/ March 26, 2018/ Discussion, Security Intelligence

The attribution problem in digital attacks is one of these problems that get solved over and over again. Of course, there are forensics methods, analysis of code samples, false flags, mistakes, and plenty of information to get things wrong. This is nothing new. Covering tracks has been done for thousands of years. Why should the digital world be any different? Attribution policy tactics, APT, is part of the arsenal and thus part of the threats you are facing. It has less impact though, because it is only of interest when your defence is breached – and this means you have something else to worry about. Attribution is not useful for defending against threats. While you can use it to „hack back“, this will most probably not help you at all. The main problem with

The Grotesqueness of the “Federal Hack” of the German Government Network

Sanna/ March 19, 2018/ High Entropy, Security Intelligence

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience. We will follow-up on it with an article of our own about attribution, digital warfare, security intelligence, and the DeepINTEL conference.]

A friendly secret service knew more about espionage against the German government network than the German counterintelligence. Three months after the hack was discovered, the attackers are still somewhere in this huge federal network.

By Erich Moechel for fm4.orf.at

One week after the announcement of the attack on the security network of the German Federal Government details only leak slowly. The first official statement on Friday claiming that the alleged Russian Trojan suite was already under

DeepSec 2017 Workshop: Hunting The Adversary – Developing And Using Threat Intelligence – John Bambenek

René Pfeiffer/ October 12, 2017/ Conference, Security Intelligence, Training

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly known as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just stay away from the fancy stuff), and all kinds of Big Data applications that can turn shoddy metrics into beautiful forecasts of Things to Come™ (possibly with a Magic Quadrant on top, think cherry). What could possibly go wrong? Well, it seems attackers still compromise systems, copy protected data, and get away with it. Why is that? Easy: You lack threat intelligence. Security often doesn’t „add up“, i.e. you cannot improve your „security performance“ by buying fancy appliances/applications and

DeepINTEL Conference approaches the next generation of IT Security

Sanna/ August 31, 2017/ Conference, Discussion, Security Intelligence

Strategic Information Security: Predicting the Present

DeepINTEL Conference presents Approaches to the Next Generation of Security

Many products and approaches of information security are trying hard to predict the future. There is always a lot of talk about threats of the future, detection of attacks before they arise or the magic word “pro-active”. But the prediction of the future does not benefit your business if the present is still unknown. When it comes to information security this means: Do you now know enough about your current situation to make the right decisions within the next few hours? The DeepINTEL seminar conference, which takes place on 21st/22nd of September in Vienna, focuses on this strategic question.

Analogies distort Perception and Facts

Analogies are often used to illustrate connections. Especially in the areas of IT security,

Mythbusting: Anti-Virus Research considered dangerous

Sanna/ August 18, 2017/ High Entropy, Internet, Security Intelligence, Stories

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer end-to-end encryption over insecure communication all of the time. Proposals of severely damaging information security for all of us by using sanctioned malicious software are still being debated in parliaments. Backdoors, covert or otherwise, are no line of any defence, as many military strategists will readily tell you. Marcus Hutchins was in the news recently, because of claims that he developed a strand of malware tied to attacks on financial institutions. While you can debate all you want about

Digital Security of the Future: Technology and Algorithms alone are no Substitute for Strategy

René Pfeiffer/ July 14, 2017/ Conference, Security Intelligence

Unfortunately, you cannot rely on antivirus programs when it comes to the security of your own business. Antivirus programs do not read newspapers, they do not attend lectures, they don’t protect you from social engineering or know the meaning of Facebook friends or Twitter tweets. False friends, indeed. The continuous monitoring and evaluation of threats is the next step in information security. This aspect has always been an important part of digital defense. Today’s discussion often centers around the term Security Intelligence, which unites different approaches. DeepINTEL is Austria’s first event which, since 2012, has been taking up this topic – in all its facets, because modern information security is interdisciplinary. Lectures by experts from various fields of science, defence and industry: At DeepINTEL you have the opportunity to strategically rethink your
