Water Plants, Cyberwar, and Scenario Fulfillment

René Pfeiffer/ December 1, 2011/ High Entropy, Security, Stories

While we refuse to add a Cyberwar category to this blog, we want to explore this shady topic with a story. Do you recall the water plant hack a few weeks ago? According to news floating around in the Internet an US-American water plant in Illinois suffered from a security breach together with a failed water pump. Apparently attackers took the pump out by applying a well-tried IT technique called „Have you tried to turn it off and on again?“. So in theory this is a full-scale Cyberwar incident that puts all of our infrastructure at risk – plus you can add the magical acronym SCADA when talking about it, thus lowering the room temperature a few degrees and imposing the well-tried fear and awe effect on your audience. While industrial control systems remain

Read More

Talk: On Cyber-Peace – Towards an International Cyber Defense Strategy

René Pfeiffer/ November 4, 2011/ Conference

While UK is preparing for war we’ll try something completely different at DeepSec 2011. We will talk about peace („cyber-peace“ to be exact). The ill-defined term cyber-war is haunting media, security communities, politics and the military for a while now. We already had talks about this at past DeepSec conferences. Cybersecurity is currently a big hype even in mainstream media like the Frankfurter Allgemeine Zeitung, The Guardian or The New Yorker. Exploits and Vulnerabilities like Stuxnet or the German Trojan Rootkit for Lawful Interception are discussed in prime time news. Hackers like the Chaos Computer Club offer technical advice to the German Parliament and the highest court, the Federal Constitutional Court. Due to the constant work of security experts, researchers and hackers (including some really cool media fnords and stints), the level of security

Read More

Veranstaltung zum Thema Informationstechnologie und Sicherheitspolitik

René Pfeiffer/ July 1, 2011/ Veranstaltung

Zwischen dem 28. und 31. Juli 2011 findet in Berlin die 1. Sicherheitspolitische Aufbauakademie des Bundesverbandes Sicherheitspolitik an Hochschulen statt. Sie trägt den Titel „Informationstechnologie und Sicherheitspolitik – Wird der 3. Weltkrieg im Internet ausgetragen?“. Die DeepSec Konferenz wird bei dieser Veranstaltung mit zwei Vorträgen zum Thema „Angriffe gegen Funknetze – wie verwundbar ist das GSM-Netz?“ und „Ausgewählte Angriffsvektoren — Zombies, Botnetze und dDoS-Attacken“ mitwirken. Wir versuchen damit Auszüge und Zusammenfassungen der vergangenen DeepSec Konferenzen komprimiert und auch für Nichttechniker zu vermitteln. Das volle Programm ist als PDF herunterladbar. Im Rahmen der Veranstaltung sollen die Themen Sicherheitspolitik und Informationstechnologie miteinander verbunden werden. „Cyberwar“ ist in aller Munde und hat schon Eingang in Militärdoktrine gefunden. Es stellen sich daher die Fragen: Was ist „Cyberwar“? Welche Bedrohungen sind relevant? Wie kann eine Auseinandersetzung mit Mitteln der

Read More

Thoughts about Threats by „Virtual Bombs“

René Pfeiffer/ May 22, 2011/ Security

The German  Federal Minister of the Interior, Hans-Peter Friedrich, has warned „that it is only a question of time until criminal gangs and terrorists have virtual bombs at their disposal“. While the term „virtual bomb“ is very vague by itself, the minister mentioned „malware“ as well. This is no surprise for security researchers. Malicious software has already been used for attacking companies. The infrastructure of whole countries has been attacked as well. Logic bombs have been used in the past, but they have never been used to wage warfare. They have been used for revenge by disgruntled employees or for blackmailing someone (as the ransomware malware also does). Tools like this are used for very specific purposes (such as espionage or targeted destruction), but never for an all-out assault. Even a (D)DoS often has

Read More

DeepSec: Mobile Radio Networks as Targets for Virtual Warfare

René Pfeiffer/ November 20, 2010/ Press

Vienna – The times when a mobile phone was used solely to make calls are long gone, now it’s all about making pictures and surfing the Internet. The groundbreaking success of the iPhone is just one example for the fact that mobile phones have long since outgrown their original use. Youths and adults use them every day  to get information about recent news, the weather or navigation for a future trip with the car. Having the new all-purpose information device by the hand has become a habit. But what happens if criminals or assassins attack the mobile phone network? Cyber War: Public Life in the Crosshairs “The GSM radio network is used by more than 200 countries and holds many spectacular flaws which we want to illustrate.”, explains René Pfeiffer, organiser of the international

Read More