on cyber
TRANSCRIPT
O N C Y B E R
T H E G R U G Q @ T H E G R U G Q
I V E B E E N I N T H I S G A M E F O R Y E A R S
H A C K I N G I N T H E 9 0 S
10 FIND 0DAY20 HACK THE PLANET30 GOTO 10
T H E G A M E
T H E G A M E : C Y B E R S E C U R I T Y 2 0 0 0
• Cleanup after breaches
• Usually by script kiddies w/ egg drops
• Clean up malware
• Sometimes by cybercriminals
• Coordinate vulnerability disclosure
• (At least this one has been solved)
T H E N , O N E D AY…
T H E G A M E G O T W E I R D
T H E G A M E G O T B I G
T H E G R E AT G A M E
A P T
A L S O A P T
B E S T A P T
I N E V I TA B L E
I N F O R M AT I O N W A N T S T O B E F R E E D
T H E N E W N O R M A L
W E ’ R E H E R E
N O W W H AT ?
T H E G R E AT C Y B E R G A M E
C Y B E R W A R
T H E O R Y
R E A L I T Y
W E L L T H AT S U C K S
W H Y S O V E R Y W R O N G ?
N E W D O M A I N S O F C O N F L I C T
A R E I N F R E Q U E N T
H A R D T O P R E D I C T
T H E O R Y M E E T S P R A X I S
T H I S H A S H A P P E N E D B E F O R E
A N A N A L O G Y
A N E W D O M A I N O F C O N F L I C T
A I R P O W E R 1 9 1 5
A I R P O W E R 1 9 1 5 : T E C H N O L O G Y
• Airplanes were basically motorised kites
• No weapons
• Used for reconnaissance
• Critical to accurate artillery fire
A I R P O W E R : TA C T I C A L T H E O R Y
• Highly skilled pilots
• Highly manoeuvrable planes
• Battle for supremacy in bouts of skill and daring!
• Takeaway
• Build highly manoeuvrable planes
P R A C T I C E …
A I R P O W E R 1 9 1 7 : E X P E R I E N C E
• Practical rules for air war
• Boelke Dicta
• Similar rules from Western aces
• Proven in the crucible
• Concerned only with winning, not chivalry
• Takeaway
• Fast planes that can climb high
D I C TA B O E L K E
• Secure the upper hand before attacking
• Always continue an attack you have begun
• Only fire at close range, when target is in sights
• Always keep an eye on your opponent
D I C TA B O E L K E C O N T.
• In any attack, attack from behind
• If opponent dives on you, turn to meet the attack
• When over enemy lines, never forget line of retreat
• Attack in groups
A I R F O R C E S AY I N G
“There are two types of planes: fighters, and targets”
F I G H T E R
TA R G E T
O V E R W H E L M T H E W E A K
G O I N Q U I C K
H I T H A R D
G E T O U T
TA C T I C A L C Y B E R
C Y B E R W A R 2 0 1 5 : I N T H E O R Y …
C Y B E R C O N F L I C T 2 0 1 5 : P R A C T I C E
• Experience has produced some basic rules about winning
• Hit the softest targets the hardest
TARGETED ATTACK DEMO
Q U A N T U M
• Why does NSA hit browsers?
• Targeted
• Easy*
• It works
A P T
• Why does Asia Pacific Threat do spear phishing?
• Targeted
• Easy
• It works
E V E R Y O N E
• Why do all* nation states use phishing?
• Targeted
• Easy
• It works
W H AT W O R K S
• Client sides
• Spear/phishing
• Browsers
• USB
• Web Apps
• Other:
• Interdiction, telnet sniffing, big boy stuff…
C Y B E R TA C T I C S
O V E R W H E L M T H E W E A K
G O I N Q U I C K LY
H I T H A R D
G E T O U T
C Y B E R O P S
O P E R AT I O N P H A S E S
• planning
• preparation
• execution
• finish
S P E C O P S
• simplicity
• security
• repetition
• surprise
• speed
• purpose
C Y B E R W A R 2 0 1 5
A D V E R S A R I A L O R G A N I S AT I O N S
C H I N A
R U S S I A
I N D I A
N O R T H K O R E A
T O O L C H A I N S
• An investment and an expense
• Constant maintenance
• Tools, Techniques & Procedures are Commitments
S T R AT E G I C C Y B E R
– T W O S TA R G E N E R A L , C Y B E R C O M M A N D
"data packets are like bullets and your walls of fire are like the armor that repels them."
W H AT C A N H E L P ?
Y O U W I L L B E D I S A P P O I N TS E C U R I T Y V E N D O R S ’ S O L U T I O N S
S T U N T H A C K I N G
D I S A S T E R T O U R I S T SI N F O S E C I N D U S T R Y
G O O D L U C K W I T H T H ATC I S S P
D O N ’ T L O V E Y O UN A T I O N A L I N T E L L I G E N C E A G E N C I E S
W H AT W O R K S
E A R LY D E T E C T I O N
C O M PA R T M E N TA T I O N
T I M E I S O N Y O U R S I D E
E N J O Y T H E V I E W
T H A N K Y O U