Some speak of Crypto Wars 2.0. For others the Crypto Wars have never ended. FBI Directory James Comey does not get tired of demanding back doors to IT infrastructure and devices (there is no difference between back door and front door, mind you). Let’s take a step back and look at the threats. We did this in 2011 with a talk by Duncan Campbell titled How Terrorists Encrypt. The audience at DeepSec 2011 was informed that encryption does not play a major role in major terror plots. What about today? Have terrorists adopted new means of communication? Since the authorities demanding access to protected information do not have statistics readily available, we turned to researchers who might answer this question. Julie Gommes will present the results of studies analysing the communication culture of criminal
The DeepINTEL event in September will have a strong focus on a specific kind of intelligence. We will address the issue of espionage. Given the headlines of the past six months it is clear that companies are subject to spying. There is no need for euphemisms any more. Even with half of the information published on this matter, there is no way to deny it. Since the trading of data is a lucrative business, the issue won’t go away. So if you run a company or an organisation, then you might want to deal with risks and threats before they deal with you. DeepINTEL is focused on security intelligence. Few CISOs and CEOs have a grasp what this really means. It is much more than doing risks analysis or threat assessment. As we have
Good news everyone, there will be a DeepINTEL conference in 2014, and we are looking for presentations! DeepINTEL 2014 will be held in September at the same location as in 2013. This single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. If you have questions on this, please contact us directly via firstname.lastname@example.org or the contact information given on our web site. Here is the Call for Papers for DeepINTEL 2014:
If something happens in your network, it’s an established custom to blame it on China. This approach is tried and true among the Chief Information Officers (CIOs) who have some explaining to do. Throw in the inevitable Advanced Persistent Threat (APT) and you are set. No more explanations necessary. Why is that? Well, most people don’t know, therefore Wim Remes of IOactive will give you a thorough overview in his talk titled Cultural Learning Of China To Make Benefit Glorious Profession Of InfoSec. Geopolitics is a good start. The current debate about the role of China as a nation, in international hacking incidents and corporate espionage is framed in an almost exclusively US-centric narrative. Using your adversaries as scapegoat works well, provided you talk to like-minded people and nations. China, however, is a nation
The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just stay away from the fancy stuff), and all kinds of Big Data applications that can turn shoddy metrics into beautiful forecasts of Things to Come™ (possibly with a Magic Quadrant on top, think cherry). What could possibly go wrong? Well, it seems attackers still compromise systems, copy protected data, and get away with it. Security often doesn’t „add up“, i.e. you cannot improve your „security performance“ by buying fancy appliances/applications and piling them on top of each other. What
The second DeepINTEL conference ended two days ago. We had great talks and met wonderful people sharing insights and exchanging thoughts about how to cope with information security. Our thanks go to everyone attending DeepINTEL 2013! In case you missed this year’s opportunity, there will be a DeepINTEL 2014 conference. Its date will be announced at DeepSec 2013. If you have content for DeepINTEL 2014, please get in touch with us as soon as possible!
Due to personal reasons one of our DeepINTEL speakers had to unfortunately cancel his appearance. Therefore we present a new talk held by Caroline Krohn. The title is “Advanced Security through Network Intelligence”. „Network Intelligence“ is the sum of findings extracted from people’s activities in the internet. Information related to people can be either, restricted and protected by any kind of encryption, or public and available to everybody. Nowadays, it is almost sufficient to collect data from open sources to put together a precise profile on a person of interest. Transparency does not only occur through own postings on so-called social networks, such as Facebook, Xing, LinkedIn, Twitter. Third party mentions and pictures other people post and tag, etc. also help following people’s activities outside the internet. Even the decision not to appear on
Cooling temperatures in Vienna bring new talks to DeepINTEL. We are proud to announce a talk by Colin McLean, lecturer in Computing at the University of Abertay Dundee in Scotland. He discussed the problem of finding hackers with security skills (and who probably do not possess the attributes Mr Hayden sees in his own IT staff). The abstract reads as follows: There is a cyber security skills shortage and it’s becoming a world-wide concern with many stakeholders warning of impending doom. Browsing the Internet shows that this concern is not only expressed from the USA, and the UK, but all over the world. Mark Weatherford of the US Department of Homeland Security has stated “The lack of people with cyber security skills requires urgent attention. The DoHS can’t find enough people to hire.”. The
We have added a new talk to the DeepINTEL 2013 schedule. Karin Kosina will talk about „Mutually Assured Pwnage“ and critically explore what Cold War analogies can and cannot teach us about war in the 5th domain. “Cyberwar” has become a thing (never mind that no-one seems to really know what that thing really is). Along with the militarisation of cyberspace – or “the fifth domain of warfare” – there has been a flurry of attempts to draw analogies to other models of conflict. While this is understandable to a certain extent – What worked in the past may work again in the future, right? And let’s not be so cynical here to speak about hammers and things that look like nails… –, it has in many cases only added to the confusion around an already confused
Spying and Distrust are not new, Full Stop. We are old enough to have witnessed many large spying programs in “real time”, starting in the 90ies and continuing until now. Everybody spies on everybody else, everybody tries to use every resource available to gain any kind of intelligence useful for the very own benefit. Alliances, treaties and promises (or vows if you take it more seriously) only have secondary value when it’s about the own advantage. This is true for most aspects of our life, be it private, business or international political affairs. Spouses (sometimes) distrust each other. Business partners (sometimes) negotiate with most detailed contracts to leave as little room as possible to deviate from the expectations, trusting in legal frameworks, lawyers and neutral judges to enforce the expectations. In international affairs (sometimes)
The preliminary schedule of the DeepINTEL conference is ready! We have selected the presentations carefully and tried to address in-depth threats to (y)our infrastructure and (y)our data. Here are the abstracts of the talks (in alphabetical order, according to the speakers name), that we are allowed to publish publicly: Compliance and Transparency of Cloud Features against Security Standards (Yury Chemerkin) Nowadays cloud vendors provide a solid integration, virtualization and optimization in many fields (for example medical, business, and education) for online services. Such services operate with sensitive data which attracts attackers. There are quite different security controls and metrics for every Cloud service provider. It is generally known that several industrial organizations are focused on keeping an appropriate security level by offering solutions to improve the transparency of Cloud security controls among different vendors.
There was a Cryptographers’ Panel session at the RSA Conference with Adi Shamir of the Weizmann Institute of Science, Ron Rivest of MIT, Dan Boneh of Stanford University, Whitfield Diffie of ICANN and Ari Juels of RSA Labs. You have probably read Adi Shamir’s statement about implementing (IT) security in a „post-crypto“ world. He claimed that cryptography would become less important for defending computer systems and that security experts have to rethink how to protect valuable information in the light of sophisticated Advanced Persistent Threats (APTs). „Highly secured“ Infrastructure has been compromised despite „state of the art” defence mechanisms. So what does rethinking really mean? Do we have to start from scratch? Should we abandon everything we use today and come up with a magic bullet (or a vest more appropriately)? Our first implication
During the opening of DeepSec 2012 we announced that there will be a second DeepINTEL seminar taking place in Summer 2013. We have successfully explored topics of security intelligence and strategic security at the past seminar. We wish to continue and ask you to send us submissions for presentations by e-mail. DeepINTEL is a single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. In addition there will be no recordings published
The first DeepINTEL was very successful, and we enjoyed the presentations given and the many discussion that followed. While we will not disclose details or publish the slides of the talks, we would like to point you to reviews others have written. DeepINTEL 2012 by c-APT-ure DeepIntel 2012 – An Intelligent Security Conference DeepINTEL – Day one DeepINTEL – Day two Cybercrime – Who are the offenders? (Slides) Ergebnisse der IT-Sicherheitstagung DEEPINTEL am 3.3.2012 in Fuschl am See (in German) We definitely have some more ideas of how to tackle big data, how to identify and defend (in this order) digital assets, what „Cyberwar“ looks like, how to deal with threats and how to aquire information for analysing who’s after your data. Some of the topics with be described in more detail on our
This is an old saying and like most old sayings it bears some truth: the first one to notice an opportunity does indeed have an advantage. But I don’t want to philosophize about “ancient wisdom” or something the like but I want to address a quite up-to-date topic: 0-day prevention, early warning systems, heuristic detection and how fast you have to be to catch worms and 0-day exploits. A lot of security vendors and open source security projects provide a very fast response to emerging threats. New worms and malware are detected quickly after appearance in the wild and signature patterns are updated a couple of times daily. So you should be safe. Really? How much of your resources would you spend on 0-day prevention and how effective is it? We have learned from