
Black Hat USA 2010 and DEF CON 18 Wrap Up

By Jason Robert

Black Hat USA 2010 and DEF CON 18 took place last week in Las Vegas. To really appreciate the magnitude of each conference's proceedings, it is important to understand where each conference focuses its attention.

Black Hat is a security conference largely addressing all things computer and communications security. It is where industry comes together, describes attack vectors, and openly talks about malware, hackers, and threats to innocent systems and privacy. Black Hat is big business, both expensive to attend and sponsored by big name companies such as IBM and Adobe. If Black Hat were personified as a female actor, it is probably most analogous to an Angelina Jolie. Mostly prim and proper, strong reputation, easily discussed in polite conversation.

In sharp contrast is DEF CON, a conference in its 18th year. This year’s theme: 18 and barely legal. If that doesn’t set the tone for this conference, consider that DEF CON would be best personified as Lindsay Lohan, often drifting into illegal situations. DEF CON is an all-cash conference, with no attendance records by design. It is where electronics and software gurus (hackers, in proper parlance) meet for 3 days to discuss, and demonstrate, the unthinkable.

Highlights

The highlight of the entire week had to come from DEF CON. For approximately 20 minutes, the presenter “legally” became an AT&T cellular tower, hijacking all the cell phones that use the GSM cellular network. Lawyers were on hand, as were the local media, to witness the presentation entitled Practical Cellphone Spying, by Chris Paget.

The synopsis of the hour-long presentation is this: ham radio operators are permitted access to portions of the 900MHz spectrum, so long as they announce their call sign on a regular basis and transmit at less than 100 watts. A portion of this spectrum overlaps with the GSM frequencies used here in the United States. Chris used a 25 milliwatt transmitter and OpenBTS (http://openbts.sourceforge.net/) to capture AT&T handsets, using a VoIP solution as a backhaul. Members of the audience were encouraged to make phone calls during the session. Randomly, by design, some calls were connected through the VoIP backhaul and recorded in the process, while others were met with a devilish recording advising the callers that their call couldn’t be completed, delivered in the way one would expect from a DEF CON presentation. Total investment with gear purchased from eBay: no more than $2000.

Most disconcerting to some was that during this presentation 911 services were not available to the GSM phones linked to Chris’ tower. The humorous understatement of the moment: if you burst into flames from the antenna radiation, be sure to find someone with a Verizon (CDMA) phone to dial 911 on your behalf.

Digital Security

The range of digital security discussions across both conferences was daunting. From instructions on how to hack millions of routers, devices that make the Internet a reality, to intricate instructions on how to jackpot ATM machines, my mind consistently wandered toward the same question at the end of virtually every session I attended: have the digital technologies that we’ve come to rely on forsaken us?

Black Hat brought in the biggest names, including Deputy Secretary Jane Holl Lute from the US Department of Homeland Security, and Gen (Ret.) Michael Hayden, former director of both the CIA and the NSA. Both speakers delivered more provocative questions than answers, asking the audience to consider how society has become enamored with technological advances, ignoring the security ramifications that follow widespread adoption.

Nothing is Truly Secure

The Black Hat opening day keynote emcee succinctly stated the problem: nothing we have built is truly secure. Think about it this way: email, web browsers, digital hardware (including wireless access points, routers and firewalls), and even today’s mega-smart cell phones. None of them is truly secure. Nothing engineered to date is truly secure. Why? Is security that hard to design? Why is encryption so often easily skirted with simple man-in-the-middle attacks? Does the rate at which we innovate preclude us from building secure systems? Are innovators so obsessed with innovation that security is an afterthought, if a thought at all? Or is security simply beyond the grasp of human engineering? After all, security, especially in recent years, has been given an elevated status by the media.

What are the ramifications of our inability to build secure systems? The ramifications are disturbing. We often speak about the notion of privacy, but spend 8 consecutive days with hackers at these conferences and one can’t help but reach the conclusion that privacy is already a thing of the past.

Data Leaks Series Planned

Over the next several weeks, we’re going to embark on a journey here at ITS that takes a deep, critical look at the data leaks in your life. These are data leaks that you probably didn’t even know existed. We are going to look at how your car tire valve stems (not tread marks) can give away your daily routine, how WiFi as we know it is fundamentally broken and unsafe, how your computer or cell phone can easily be compromised by a determined hacker armed with an openly available rootkit, and how big business wants to force intrusive location-based services (LBS) upon you in the name of profit margins.

The conclusion of the series is likely obvious to most: if you want true privacy, move to the backcountry and unplug everything that has a transistor in it. If that’s not an option, and if you want to better mitigate the digital risks imposed on life from technology, stay tuned…
