Dailydave mailing list archives

How to flush a trillion dollars right into the Chesapeake
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 23 Sep 2013 15:33:14 -0400

http://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire

So I don't usually link to random blogs from the big boys, but this
article is worth a read. On Twitter Ben Nagy asked what an integrated
team looks like - and though Symantec didn't really DELVE into the
details, probably because they'll monetize them somehow, this is what it
probably looks like. Because agility as a component of an attack team
isn't gotten by throwing money at the problem. It's a matter of
organizing your attack flow in the right way. It comes down to where
people sit in physical space, half the time.

Obviously the numbers in the infographic should all be multiplied by 10.

And then you look at these teams' successes - and one of them,
obviously, is RSA. RSA is getting hit from both sides. At this point its
marketing message is "We got hacked by the Chinese
<http://allthingsd.com/20120227/seven-questions-for-rsa-security-head-art-coviello/>,
and our main product had a USG backdoor in it":

http://www.theguardian.com/world/2013/sep/21/rsa-emc-warning-encryption-system-nsa

Backdoors go two ways:

 1. Make your product have security vulnerabilities that only you know
    about, or can QA exploits for, or have the ability to touch (cf.
    SCADA). I call this "Backdoority through obscurity".
 2. Are provably built in such a way that only you can exploit them.
    The Dual EC DRBG backdoor is a classic example. The Flame
    certificate attack
    <http://www.networkworld.com/news/2012/060412-microsoft-flame-259828.html>
    is another one. This should be true even for remote access
    trojans - Hydrogen
    <http://www.immunityinc.com/products-hydrogen.shtml> was built so
    that without the private key, it wouldn't even respond to the init
    packet. I would be surprised if the Naid trojan system is any
    different. Pro is pro.

BSAFE being backdoored (and you have to be insane to believe RSA's weak
defense
<http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html> of
choosing that PRNG as their default) means almost every device (from
VPNs to SSL Accelerators to crypto-enabled trading applications) on the
Internet was backdoored, because everyone big uses the BSAFE library to
do their crypto.

When this program went dark it was like a toilet flushing /trillions/
of dollars right into the sewage system (not to mention RSA and NIST
being collateral damage). The silver lining here for most people on this
list is that targeted access was always the future once the Internet
happened, and that future is now.

-dave
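The Dual EC DRBG backdoor named in point 2 above is the textbook case of a "provably only you can exploit it" design, and it is small enough to show in full. What follows is an added toy implementation, not part of Dave's post and not NIST's or RSA's code: the curve (y^2 = x^3 + 2x + 3 mod 1019), the generator Q, the trapdoor d, the seed and the helper names are all constructed for this example. Two simplifications are labelled in the code: the output is the whole x-coordinate rather than the real DRBG's 16-bit-truncated one (with truncation the attacker simply brute-forces the missing bits), and scalars are reduced into [1, n-1] so the toy never lands on the point at infinity. The structure is the real one: state s_{i+1} = x(s_i * P), output r_i = x(s_{i+1} * Q), and whoever knows d with P = d*Q turns one output back into the next state.

```python
from math import gcd

# Toy Dual EC DRBG over a tiny curve y^2 = x^3 + a*x + b (mod p).
# p = 1019 is prime with p % 4 == 3, so square roots are a single pow().
# All parameters are constructed for this example; this is not NIST P-256.
p, a, b = 1019, 2, 3
INF = None  # point at infinity


def ec_add(P1, P2):
    """Affine group law on the short Weierstrass curve."""
    if P1 is INF:
        return P2
    if P2 is INF:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF  # P + (-P); also covers doubling a 2-torsion point
    if P1 == P2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Rebuild a point from its x-coordinate; returns None if x is not on the curve.
    Which of the two y values we get does not matter: d*(-R) = -(d*R), same x."""
    v = (x * x * x + a * x + b) % p
    y = pow(v, (p + 1) // 4, p)  # valid square root because p % 4 == 3
    return (x, y) if (y * y) % p == v else None


def point_order(pt):
    m, acc = 1, pt
    while acc is not INF:
        acc = ec_add(acc, pt)
        m += 1
    return m


# Public "nothing up my sleeve" points: Q is the first point of large order we find;
# d is the trapdoor only the designer knows, and P = d*Q is what gets published.
Q = next(pt for pt in (lift_x(x) for x in range(1, p))
         if pt is not None and point_order(pt) > 400)
n = point_order(Q)
d = next(k for k in range(101, n) if gcd(k, n) == 1)  # gcd keeps P of full order n
P = ec_mul(d, Q)


def scalar(s):
    # Toy-only: keep scalars in [1, n-1] so s*P and s*Q are never the point at infinity.
    return s % (n - 1) + 1


def drbg_round(s):
    """One Dual EC step: s_{i+1} = x(s_i * P); output r_i = x(s_{i+1} * Q)."""
    s_next = ec_mul(scalar(s), P)[0]
    r = ec_mul(scalar(s_next), Q)[0]
    return s_next, r


def generate(seed, count):
    """Victim side: `count` outputs from a seed (whole x; no 16-bit truncation here)."""
    s, outs = seed % p, []
    for _ in range(count):
        s, r = drbg_round(s)
        outs.append(r)
    return outs


def recover_next_state(r, trapdoor):
    """Attacker side: lift r_i = x(s_{i+1}*Q) to R = ±s_{i+1}*Q, then
    d*R = ±s_{i+1}*(d*Q) = ±s_{i+1}*P, whose x-coordinate is the next state s_{i+2}."""
    return ec_mul(trapdoor, lift_x(r))[0]


def predict_from_output(r, trapdoor, count):
    """Everything the victim emits after r_i, given only r_i and the trapdoor d."""
    s, outs = recover_next_state(r, trapdoor), []
    for _ in range(count):
        outs.append(ec_mul(scalar(s), Q)[0])  # r_{i+1} = x(s_{i+2} * Q)
        s = ec_mul(scalar(s), P)[0]           # advance to s_{i+3}
    return outs


if __name__ == "__main__":
    victim = generate(seed=12345, count=6)
    attacker = predict_from_output(victim[0], d, 5)
    print("victim  :", victim[1:])
    print("attacker:", attacker)
    assert attacker == victim[1:]
```

The point the list item makes is visible in `recover_next_state`: the only thing that turns an output into the next state is multiplication by d. Anyone else holding the same output would have to solve the discrete log of R to base Q to get s_{i+1}, which is exactly the problem the curve is chosen to make infeasible. That is what "provably built so that only you can exploit it" means here, and it is also why the provenance of P and Q, not the algorithm text, was the whole question about the NIST parameters.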

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
