lessons from the snowden affair
play

Lessons from the Snowden Affair @haroonmeer September 2014 What - PowerPoint PPT Presentation

Mar 10, 2024 •833 likes •1.58k views

Lessons from the Snowden Affair @haroonmeer September 2014 What this talk is not IT DOESNT MATTER BUGSY CRISSCROSS A-PLUS GUMFISH LFS-2 BULLRUN DYNAMO CROSSBEAM ACRIDMINI GURKHASSWORD LHR BULLSEYE EBSR CROSSEYEDSLOTH

  1. Lessons from “the Snowden Affair” @haroonmeer September 2014

  4. What this talk is not

  6. IT DOESN’T MATTER

  7. BUGSY CRISSCROSS A-PLUS GUMFISH LFS-2 BULLRUN DYNAMO CROSSBEAM ACRIDMINI GURKHASSWORD LHR BULLSEYE EBSR CROSSEYEDSLOTH AGILEVIEW HACIENDA LIFESAVER BUMBLEBEEDANCE EDGEHILL CRUMPET AGILITY HAMMERMILL LITHIUM BYSTANDER EINSTEIN CRYOSTAT AIGHANDLER HAPPYFOOT LOCKSTOCK BYZANTINEANCHOR ELATE CRYPTOENABLED AIRBAG HAWKEYE LONGHAUL BYZANTINEHADES ELEGANTCHAOS CULTWEAVE AIRGAP/COZEN HC12 LONGRUN CADENCE ENDUE CUSTOMS AIRWOLF HEADMOVIES LONGSHOT CANDYGRAM ENTOURAGE CYBERCOMMANDCONSOLE ALLIUMARCH HIGHCASTLE LOPERS CANNONLIGHT EVENINGEASEL CYCLONE ALTEREGOQFD HIGHLANDS LUMP CAPTIVATEDAUDIENCE EVILOLIVE DANCINGBEAR ANCESTRY HIGHTIDE LUTEUSICARUS CARBOY EWALK DANCINGOASIS ANCHORY HOLLOWPOINT MADCAPOCELOT CASPORT EXCALIBUR DAREDEVIL ANTICRISISGIRL HOMEBASE MAGNETIC CASTANET EXPOW DARKFIRE ANTOLPPROTOSSGUI HOMEPORTAL MAGNUMOPUS CCDP FACELIFT DARKQUEST APERTURESCIENCE HOMINGPIGEON MAINCORE CDRDIODE FAIRVIEW DARKTHUNDER AQUADOR HUSHPUPPY MAINWAY CERBERUS FALLOUT � ARTEMIS HUSK MARINA CERBERUSSTATISTICSCOLLECTION FASCIA DEADPOOL ARTIFICE IBIS MAUI CHALKFUN FASHIONCLEFT DEVILSHANDSHAKE ASPHALT ICE MESSIAH CHANGELING FASTSCOPE DIALD ASSOCIATION ICREACH METROTUBE CHAOSOVERLORD FATYAK DIKTER ASTRALPROJECTION ICREAST METTLESOME CHASEFALCON FET DIRTYEVIL AUTOSOURCE IMP MINERALIZE CHEWSTICK FISHBOWL DISCOROUTE AXLEGREASE INCENSER MINIATUREHERO CHIPPEWA FOGGYBOTTOM DISHFIRE BABYLON INDRA MIRAGE CHOCOLATESHIP FORESTWARRIOR DISTANTFOCUS BALLOONKNOT INSPECTOR MIRROR CIMBRI FOXACID DISTILLERY BANYAN INTELINK MOBILEHOOVER CINEPLEX FOXSEARCH DIVERSITY BEARSCRAPE INTERQUAKE MONKEYROCKET COASTLINE FOXTRAIL DOCKETDICTATE BEARTRAP IRONSAND MONSTERMIND COBALTFALCON FRA DOGCOLLAR BELLTOPPER ISHTAR MOONLIGHTPATH CONDUIT FREEFLOW DOGHANDLER BERRYTWISTER JACKKNIFE MOONPENNY CONJECTURE FREEZEPOST DRAGGABLEKITTEN BERRYTWISTER+ JAZZFUSION MOUTH CONTRAOCTAVE FRONTO DRAGON'SSHOUT BINOCULAR JAZZFUSION+ MTI CONVEYANCE FRUITBOWL DROPMIRE BIRDSONG JEDI MUGSHOT CORALINE FUNNELOUT DRTBOX BIRDSTRIKE JEEPFLEA MURPHYSLAW CORALREEF FUSEWIRE DRUID BLACKHEART JILES MUSCULAR COTRAVELER GALAXY PACKAGEGOODS BLACKPEARL JTRIG MUSKETEER OCTSKYWARD GAMUT PANOPLY BLARNEY JTRIGRADIANTSPLENDOUR MUSTANG OILSTOCK GARLICK PARCHDUSK BLUEANCHOR JUGGERNAUT MUTANTBROTH OLYMPIA GENESIS PATHFINDER BLUEZEPHYR KAMPUS MYSTIC OMNIGAT GENTE PBX BOMBAYROLL KEYRUT NAMEJACKER ONEROOF GEOFUSION PHOTONTORPEDO BOTANICREALTY KOALAPUNCH NCSC ONIONBREATH GHOSTMACHINE PICASSO BOUNDLESSINFORMANT LADYLOVE NEBULA OPTICNERVE GILGAMESH PINWALE BRANDYSNAP LANDINGPARTY NEVIS ORANGEBLOSSOM GLASSBACK

  8. What do we learn from it ?

  9. What should we do differently?

  10. Caveat: It’s a short talk

  11. Best begin at..

  12. http://www.theguardian.com/world/2013/jun/06/nsa- phone-records-verizon-court-order

  13. http://www.washingtonpost.com/investigations/us-intelligence-mining-data- from-nine-us-internet-companies-in-broad-secret-program/ 2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html

  14. The extent of the leak?

  16. How many documents?

  17. http://www.reuters.com/article/2013/11/14/us-usa-security-nsa- idUSBRE9AD19B20131114

  18. http://www.reuters.com/article/2013/11/14/us-usa-security-nsa-idUSBRE9AD19B20131114

  19. http://world.time.com/2013/10/14/greenwald-on-snowden-leaks-the-worst-is-yet-to-come/

  20. http://www.bbc.com/news/uk-25205846

  22. They had no idea what he had

  23. Would You ?

  24. Are your execs properly trained ?

  25. http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks

  26. http://www.theguardian.com/environment/2014/jan/30/snowden- nsa-spying-copenhagen-climate-talks

  27. http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits

  28. http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted- communications-g20-summits

  29. Attackers like that don’t care about me / us

  30. http://www.spiegel.de/international/europe/british-spy-agency- gchq-hacked-belgian-telecoms-firm-a-923406.html

  31. https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/

  32. https://gigaom.com/2014/02/01/nsa-and-gchq-hacked-belgian- cryptographer-report/

  33. https://firstlook.org/theintercept/2014/09/14/nsa-stellar/

  34. http://www.spiegel.de/international/world/snowden- documents-indicate-nsa-has-breached-deutsche- telekom-a-991503.html

  35. These guys were collateral damage

  36. Does collaboration protect you from getting hacked?

  38. http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/ 2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

  39. How many times were they spotted ?

  40. Complete failure of detection & compartmentalisation

  41. http://www.verizonenterprise.com/DBIR/

  42. The good news is…

  43. Do sophisticated attackers exist ?

  44. not estonia not headline sophisticated

  45. not estonia

  46. http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html

  47. http://blog.thinkst.com/p/cyberwar-why-your-threat-model-is.html

  48. Do sophisticated attackers exist ?

  49. This is profoundly important

  50. Device Based Security Anti Virus Pen Tests

  51. we said victory accomplished

  52. Device based Security

  53. Anti Virus http://www.wired.com/2012/06/internet-security-fail/

  54. Anti Virus http://www.wired.com/2012/06/internet-security-fail/

  55. Pen Tests http://blog.thinkst.com/2012/03/penetration-testing-considered-harmful.html

  56. We are not modelling the right threats

  57. Were all the attacks novel?

  58. Nope.. Not even the ANT stuff

  59. Many of these techniques were previously demonstrated

  61. Why didn't you know about them?

  62. talk graph - tscapes Q2 - 116 Security Events 257 conference days

  63. http://thinkst.com/ts/free

  64. Will the leaks make things better or worse?

  65. Intelligence reforms may or may not happen.. � but, from the point of view of sophisticated attacks

  66. Courage is Contagious

  67. life imitates..

  68. Caveat

  69. This doesn’t apply to everyone!

  70. biggest mistake is thinking you are all the same.. http://blog.thinkst.com/2013/01/your-companies-security-posture-is.html

  71. Summary If everything is important, nothing is • important Your execs need training! • Sophisticated attackers do exist • It’s obvious the emperor has no clothes. • Things are going to get a lot worse for a • bit

  72. Summary of Summary Understand your threat model Understand the space

  73. @haroonmeer http://thinkst.com/ts/free

Recommend

Philip Snowden: more Methodism than Marxism Philip Snowden was a leading figure in the

Philip Snowden: more Methodism than Marxism Philip Snowden was a leading figure in the

Philip Snowden: more Methodism than Marxism Philip Snowden was a leading figure in the ILP, that is, in the dominant soft left of the emerging labour representation movement and then of the Labour Party, alongside Keir Hardie

201 views • 4 slides
EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV is

EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV is

EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV : EROTICISM IS A FRENCH AFFAIR EROTICA TV is available in HD 24/7 in English & French. EROTICA TV is dedicated to soft erotic and glamorous style for a large audience, men and women ! EROTICA

178 views • 5 slides
Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny

Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny

Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp The post-Snowden adversary Since the Snowden revelations beginning in

481 views • 27 slides
ISE331: Snowden Attack 1 Ou Outline of f Topics Covered Snowdens background and how he

ISE331: Snowden Attack 1 Ou Outline of f Topics Covered Snowdens background and how he

ISE331: Snowden Attack 1 Ou Outline of f Topics Covered Snowdens background and how he got to the position of being able to leak confidential information from the CIA How Snowden planned and performed the attack The method used

264 views • 24 slides
Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP

Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP

Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP Semiconductors Craig Costello Microsoft Research Michael Naehrig Microsoft Research June 2013 the Snowden leaks the NSA had written the

671 views • 13 slides
1 PART ONE: THE NSA / SNOWDEN REVELATIONS Who is the

1 PART ONE: THE NSA / SNOWDEN REVELATIONS Who is the

1 PART ONE: THE NSA / SNOWDEN REVELATIONS Who is the Internet? Who is the Internet? 2.5 billion Internet connected North America and Europe >

585 views • 56 slides
Stuxnet Redux: Malware Attribution & Lessons Learned Blackhat DC 2011 Taking the guesswork

Stuxnet Redux: Malware Attribution & Lessons Learned Blackhat DC 2011 Taking the guesswork

Stuxnet Redux: Malware Attribution & Lessons Learned Blackhat DC 2011 Taking the guesswork out of cyber attribution Tom Parker tom.at.rooted.dot.net Media & Cyber War Love Affair WSJ Wide Cyber Attack Is Linked to

1.33k views • 73 slides
Bu Burea reau u of of Ind Indian ian Af Affair fairs Tribal Transportation Program TTP

Bu Burea reau u of of Ind Indian ian Af Affair fairs Tribal Transportation Program TTP

Bu Burea reau u of of Ind Indian ian Af Affair fairs Tribal Transportation Program TTP Funding Status President Barack Obama speaks prior to signing the 3- month extension of the Highway bill in the Oval Office of the White House July

222 views • 8 slides
Unlimited Artistic Director & Choreographer Mark Smith The Dancers Anthony Snowden Daniel

Unlimited Artistic Director & Choreographer Mark Smith The Dancers Anthony Snowden Daniel

Unlimited Artistic Director & Choreographer Mark Smith The Dancers Anthony Snowden Daniel Stanbury Denny Haywood Kevin Jewell Joseph Fletcher DMD Deaf Men Dancing are developing something innovative and exciting in their work Dan

462 views • 16 slides
Towards A Clean Slate Digital Sovereignty in the Post Snowden Era Alexander von Gernler

Towards A Clean Slate Digital Sovereignty in the Post Snowden Era Alexander von Gernler

Towards A Clean Slate Digital Sovereignty in the Post Snowden Era Alexander von Gernler <gernler@genua.de> Munich Internet Research Retreat Raitenhaslach, November 24/25, 2016 Personal Digital Sovereignty Disclaimer The views presented

258 views • 12 slides
Royal College of Surgeons and South West Professional Affair irs Board Trainee Event Mr

Royal College of Surgeons and South West Professional Affair irs Board Trainee Event Mr

Royal College of Surgeons and South West Professional Affair irs Board Trainee Event Mr Dimitrios Siassakos Consultant Senior Lecturer in Obstetrics Director of Research, Academic Centre for Womens Health, Southmead Hospital Lead for

573 views • 53 slides
Thou shalt not commit adultery. -Exodus 20:14 Donald Trump had an affair with adult film

Thou shalt not commit adultery. -Exodus 20:14 Donald Trump had an affair with adult film

Thou shalt not commit adultery. -Exodus 20:14 Donald Trump had an affair with adult film actress Stormy Daniels in 2006, one year after his marriage to his third wife, Melania. He still received 81% of the white Evangelical vote.

225 views • 3 slides
Blaise 5 in a Production Environment Authors: Paul Segal, Mangal Subramanian, Ray Snowden,

Blaise 5 in a Production Environment Authors: Paul Segal, Mangal Subramanian, Ray Snowden,

Blaise 5 in a Production Environment Authors: Paul Segal, Mangal Subramanian, Ray Snowden, Richard Frey, Mike Florcyzk Presentation Overview Blaise 5 Server and Client Options. Blaise 5 API Use Case. Stress Testing Blaise 5

442 views • 16 slides
Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit evidence that intelligence agencies are globally wiretapping Internet backbone connections Massive collection of web tra ffi c, emails, instant

512 views • 50 slides
P .S. I Love You my love affair with a sultry brunette bombshell Greg Cook AWS Tasting Feb 21,

P .S. I Love You my love affair with a sultry brunette bombshell Greg Cook AWS Tasting Feb 21,

P .S. I Love You my love affair with a sultry brunette bombshell Greg Cook AWS Tasting Feb 21, 2009 Advocacy Organization www.psiloveyou.org Petite Sirah Dark and Mysterious It certainly isnt petite and its not quite Syrah PS name

536 views • 25 slides
PRICE OF PRIVACY IN THE CLOUD, OR THE ECONOMIC CONSEQUENCES OF MR SNOWDEN PROFESSOR SIMON

PRICE OF PRIVACY IN THE CLOUD, OR THE ECONOMIC CONSEQUENCES OF MR SNOWDEN PROFESSOR SIMON

[click to select this box and delete] Title slide option 1 Choose one title slide and delete the others. PRICE OF PRIVACY IN THE CLOUD, OR THE ECONOMIC CONSEQUENCES OF MR SNOWDEN PROFESSOR SIMON WILKIE 18 OCTOBER 2019 LEAD IN HEADING

617 views • 36 slides
Education Carnival, Make learning a family affair Brayden Mitchell Interpretive Services

Education Carnival, Make learning a family affair Brayden Mitchell Interpretive Services

Education Carnival, Make learning a family affair Brayden Mitchell Interpretive Services Specialist II Utility Exploration Center Family Drop In Events at the UEC Event Statistics 1st Time 2nd Time Count Watts' Spooktacular 589 889 Bird

1.02k views • 72 slides
PRIVACY POST-SNOWDEN Ian Brown, Prof. of Information Security and Privacy Oxford Internet

PRIVACY POST-SNOWDEN Ian Brown, Prof. of Information Security and Privacy Oxford Internet

PRIVACY POST-SNOWDEN Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII Implants in the supply chain International law and politics International Covenant on Civil and Political

384 views • 17 slides
A Family Affair: Understanding Colorectal Cancer Risk Factors and Screening Options Sioux Falls,

A Family Affair: Understanding Colorectal Cancer Risk Factors and Screening Options Sioux Falls,

A Family Affair: Understanding Colorectal Cancer Risk Factors and Screening Options Sioux Falls, South Dakota October 3, 2017 Durado Brooks, MD, MPH Vice-President, Cancer Control Intervention What is Cancer? Cells are the basic

576 views • 28 slides
Minimum Wage Laws A Brief History and Overview C. Snowden Stieber J.D. Candidate, Univ. of

Minimum Wage Laws A Brief History and Overview C. Snowden Stieber J.D. Candidate, Univ. of

Minimum Wage Laws A Brief History and Overview C. Snowden Stieber J.D. Candidate, Univ. of Minnesota Law A minimum wage is the lowest amount of money that an employer is allowed to pay its workers. The first attempt at a minimum wage in the

354 views • 24 slides
(Straw) Man in the Middle: A Modest Post-Snowden Proposal Brussels, Belgium Jacob Appelbaum

(Straw) Man in the Middle: A Modest Post-Snowden Proposal Brussels, Belgium Jacob Appelbaum

(Straw) Man in the Middle: A Modest Post-Snowden Proposal Brussels, Belgium Jacob Appelbaum [redacted] 10 December 2015 Jacob Appelbaum ([redacted]) (Straw) Man in the Middle: 10 December 2015 1 / 26 Post-Snowden? What does that mean?

439 views • 33 slides
SALEIE Disabled Students in Higher Education Penn Snowden Manager - Disability Services SALEIE:

SALEIE Disabled Students in Higher Education Penn Snowden Manager - Disability Services SALEIE:

SALEIE Disabled Students in Higher Education Penn Snowden Manager - Disability Services SALEIE: Project No. 527877-LLP-1-2012-1-UK-ERASMUS-ENW The Legislative Context 1995 Disability Discrimination Act 2001 Special Education Needs

426 views • 9 slides
A Brief Affair with FPGAs Zhipeng Zhao, Qi Guo, Tze Meng

A Brief Affair with FPGAs Zhipeng Zhao, Qi Guo, Tze Meng

Carnegie Mellon BLIS A Brief Affair with FPGAs Zhipeng Zhao, Qi Guo, Tze Meng Low Carnegie Mellon University 1 Carnegie Mellon FPGAs System on Chip (SoC)

575 views • 32 slides
Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides

More recommend