back to the roots – incident case study

Back to the roots – incident case study Mikko Karikytö Head of Ericsson PSIRT

Upload: nerys

Post on 22-Feb-2016


TRANSCRIPT

Page 1: Back to the roots – incident case study

Back to the roots – incident case study

Mikko Karikytö
Head of Ericsson PSIRT

Page 2: Back to the roots – incident case study

Back to the roots - Incident case study | Commercial in confidence | © Ericsson AB 2014 | 2014-06-19 | Page 2

outline

› Ericsson PSIRT – intro
› Setting the scene
› The Case
  – The contact
  – Investigation
  – Aftermath
› Conclusions

Page 3: Back to the roots – incident case study

Ericsson

“Constituency”

40%
2.5b
180

Page 4: Back to the roots – incident case study


Ericsson PSIRT

› Established 2004
› TI 2005
› FIRST 2006
› Vulnerability Management
› Incident Response
› Corporate group
› Finland
› Co-op

Page 5: Back to the roots – incident case study

Setting the scene

Page 6: Back to the roots – incident case study


The scene

E///

Managed Service Provider

Mobile Operator

“the customer”

PSIRT

Page 7: Back to the roots – incident case study

The case

Page 8: Back to the roots – incident case study


“Hi Mikko,

Would you have a BSS specialist with deeper knowledge on the nodes? We could use one in a case with our customer…”

Page 9: Back to the roots – incident case study


Finding the common frequency

Page 10: Back to the roots – incident case study


Building a team and flying in

Page 11: Back to the roots – incident case study


Initial investigation report

› Good overview
› Too many issues included in one report
› XXX
› SIMbox

Page 12: Back to the roots – incident case study


simbox

Page 13: Back to the roots – incident case study


Simbox scenario

[Diagram labels: Internet; Operator A; Operator B; Subscriber A; Subscriber B]

Page 14: Back to the roots – incident case study


Blame game

› Obvious from beginning
› Operator blaming the MS Provider
› MS Provider blaming the operator
› Internal blame game in the Managed Service Provider

Page 15: Back to the roots – incident case study


people

› High pressure put on certain people
› Afraid for their jobs
› Defensive mode
› How to get truthful answers?

Page 16: Back to the roots – incident case study


Page 17: Back to the roots – incident case study


Big pile of cra… findings

No policy

No processes

No responsible

No assets

Shared accounts

No log monitoring

No physical security

Unclear SLA

No screening of employees

Page 18: Back to the roots – incident case study


Summary of findings

› No technical vulnerability in the system itself
› Aircraft carrier size holes in operational security
  – Impossible to name culprits
  – Shared root accounts etc…
› Nice process! When is it created?

Page 19: Back to the roots – incident case study


It’s a long way

› It’s humans who run this show
› Communication flows or doesn’t
› Blame game takes time and energy

Page 20: Back to the roots – incident case study

Thank you

Mikko Karikytö
Head of Ericsson PSIRT

mikko.tel

Page 21: Back to the roots – incident case study