Thursday, December 29, 2011

The ever evolving world of cyber-spy vendor conferences....



By JOSEPH FITSANAKIS

It is common knowledge among intelligence observers that espionage activity around the world is on the increase, having in some cases surpassed Cold-War levels. The main facilitator of this phenomenon is technological, namely the ease of access to classified information afforded by relatively safe cyberespionage techniques. In our 21st century, therefore, the spy v. spy game takes place largely online. Ironically, however, many of the government agencies engaged in offensive cyberintelligence operations against each other buy the required software and hardware from the same vendors. The latter are private companies, headquartered in Milan, London, Johannesburg, Montreal, and other cities around the world, which periodically participate in industry trade shows. These gatherings are eerie, secretive meetings, frequented by international spies representing various governments, and are strictly closed to outsiders. Vernon Silver, of Bloomberg, which has done an admirable job lately tracking the operations of these secretive vendors, has penned a fascinating exposé of one such bizarre trade show, called ISS World. Known informally as ‘Wiretappers Ball’, ISS (short for Intelligence Support Systems) World convenes several times a year in various cities around the world. One recent show, which took place in Malaysia, hosted nearly 1,000 attendees from 56 countries, writes Silver: “unlike trade shows, this one had no social events [and] no corporate-sponsored cocktail parties”. Instead, merchants of communications interception technologies offered demonstrations to agents of various governments, of what is called “offensive IT intelligence”. These demonstrations, conducted by appointment only in darkened conference rooms, center on technologies that can hack cell phones, break into email accounts, unscramble encrypted Skype calls, and surreptitiously access targeted web cams.
Typically, ISS World is closed to journalists; when Bloomberg’s Silver attempted to interview an ISS World employee, presenting him with his business card, he was flatly told that “anyone can print a business card”, and therefore it cannot be regarded as a reliable form of identification. Perhaps the strangest part of these trade shows is that they attract agents of rival governments, who presumably purchase interception equipment from the same vendors; Silver describes a scene in which “contingents from Greece and Turkey sat on opposite sides of the [same] room” during a conference break. Moreover, some countries forbid their representatives from interacting with agents of other governments at these events, fearing possible recruitment attempts from rival spy agencies. In some cases, governments will send ‘minders’ as part of their national delegations, whose task is to “watch the rest” of their team at the conference. Silver’s fascinating article is here.

It’s not just industry insiders and corporations who sponsor and/or stage major “trade” events ripe for espionage. I believe that much of the country would be surprised and concerned if they knew what went on during the many “back room” and other unofficial events at the major hacker conferences like Black Hat in Las Vegas.

Many of the ‘invitation only’ and even some of the more or less ‘open’ sessions are high-level, educational events with focus on penetration, exploitation, encryption and obfuscation.

Attendees at these conferences are most definitely not the script kiddies, gamers, music pirates and unsophisticated rogues that much of the PR, such as it is, implies. They are, however, quite adept at games such as “Spot the Fed” and “Out the Outsider.”

Over the past ten or so years the increase in foreign nationals and other ‘attendees with an agenda’ at these training programs has been noticeable....

The main philosophy boils down to “ALL Knowledge Should Be Shared.”
While I believe in the nobility of the goal, the practicality is lacking a bit because, as we all know, some knowledge should NOT be shared.

When Black Hat comes to town the casino security staffs go on overtime. While some ‘sessions’ do focus on things like hacking video poker and so on, these are usually attended by ‘newbies’ and the idly curious. The conferees don’t want to mess where they eat.

I did have the network manager for one casino tell me that she actually looked forward to it, because it was an annual and thorough test of the casino’s security.

Many sessions are highly technical and delve into very sophisticated techniques for executing everything from firewall breaches to building and destroying botnets. Representatives from many vendors (IBM, Cisco, Verisign, etc.) attend, though they may endeavor to be anonymous.

Because of the proliferation of ‘moron level’ do-it-yourself virus kits, the sessions on malware have become increasingly sophisticated with emphasis on rootkits and ‘sleeper trojans.’

There are always a number of both formal and informal sessions and discussions on database security, the latest encryption techniques and known security vulnerabilities.

Since almost everyone has affordable, unlimited US voice calling, phone phreaking sessions focus more on understanding/hacking international networks and cellular/satellite hacking and mischief with Smart Phones.

Of course virtually NO ONE pays for any kind of wireless connectivity either at the conference or back home.

For the most part, the conference is mis-named, since the vast majority of those who attend are ‘more or less’ good guys, or White Hat hackers. While there is usually a noticeable non-US presence, I’ve watched the makeup of that group change over the last ten years. I see fewer Japanese, South Korean, Taiwanese and other ‘friendlies’ and more Chinese, Russian and Middle Eastern individuals.

Though a lot of people might look at the ‘average’ Black Hat attendee as a crook/bad guy, and some are, the majority are basically patriotic and wouldn’t intentionally do anything to compromise US security. That word “intentionally,” however, is the rub. They do a pretty good job of policing themselves, and it’s rare, but not unknown, to see an “undesirable” being forcibly ejected from one of the private sessions....


