Prof Peter Cochrane OBE
petercochrane.com
CYBER Security
PN, VPN, LAN, WiFi, PSTN, WLAN, 3, 4, 5G, IP, SIP, TCP, UDP, RTP, DNS, DHCP
MINDSETS
A different perspective
Audio Book
https://www.youtube.com/watch?v=X7rhovBK_eA
Written 5th C BC
Most important points:
Information matters and an educated guess is
better than a gut decision
Generals should be adept at the "military calculus"
of accounting for anything and everything that
could affect the outcome of a battle
MINDSETS
Provocative stimulation
More Quotes by famous generals and philosophers
https://bit.ly/2VVJ6Hm
More Quotes by Sun Tzu
https://bit.ly/2VVJ6Hm
BEST Quotes by Sun Tzu
https://bookroo.com/quotes/the-art-of-war
“The supreme art of war is to subdue the enemy without fighting”
“To know your enemy you must become your enemy”
Security Laws
Immutable Since 1990
1) There is always a threat
2) It is always in a direction you’re not looking
3) Perceived risk/threat never equals reality
4) Nothing is 100% secure
5) People are always the primary risk
6) Resources are deployed inversely proportional to actual risk
7) You need two security groups - defenders and attackers
8) Security & operational requirements are mutually exclusive
9) Legislation is always > X years behind
10) Security standards are an oxymoron
11) Security people are never their own customer
12) Cracking systems is far more fun than defending them
13) Hackers are smarter than you - they are younger!
14) Hackers are not the biggest threat - governments are!
15) As life becomes faster it becomes less secure
16) Connectivity and data half lives are getting shorter too
17) We are most at risk during a time of transition
18) The weakest link generally defines the outcome
RESUME
Reality 2020
Attacks are escalating
The Dark Side is winning
There are no silver bullets
People are the biggest risk
The attack surface is increasing
Attacker rewards are on the up
All our security tools are reactive
Cyber disruption costs are growing
Companies do not collaborate/share
Attackers operate an open market
More of the same but better & faster will not change the game…
…we have to think anew - to get out of the box and do something very different!
Infrastructures
Web Resources
PoS + ATMs
Peripherals
Users
IoT
Mobiles
Pcs Tablet
Wearables
Targets
Transport
IT
Retail
Crypto££
Telecom
++++
cyber Attack 1
A connected/networked spectrum
Malware
False ID
Social Engineering
Hacking
Web Probes
DDoS
Software Adulteration
Finance
Gov
Health Care
Education
Industry
Commerce
Services
Hospitality
Victims
Tools
Malicious Code inserted into visitor browsers
Gains Access to sensitive data
cyber Attack 2
System Wide Opportunity Points
VOIP net: security 1
PN VPN Local, national & international
Diagram labels: VPN, PN, Dedicated Fibre, VOIP Network Service Reseller with direct routing
Inherently Insecure: Wired & Wireless
Inherently Secure: Fibre, PN/VPN, Strong Encryption, Hidden VPN & Routings
VOIP NET: Security 2
Limit the total of concatenated hops
Diagram labels: Country Gateway, Regional Gateway, Dedicated Fibre or Wavelengths, VPN, PN
Total end-to-end nodes to number < 10
Total end-to-end path delay to be <150 ms
All Optical Fibre Net Almost Impossible to Penetrate but not entirely so!
All Gateways Highly Secure Facilities
All Precise Routings and Gateway Locations are not generally available
Non obvious gateway ghosting/duplication plus split fibre cable feeds can be used to increase security
Extensive use of encryption 128 and 256 key plus public key for control and signalling
Segue: Demo
Public Key Made Obvious
For More
GOTO: https://bit.ly/39Ey6kY
BS ALERT
LEOs Can Do it All!
A single hop ‘Low Earth Orbit Satellite’ link introduces 50 - 100ms delay…
All satellite systems are inherently insecure on every level and very easy to attack/disable
Not credible as a platform for any form of traffic that demands security and resilience
PARADOX 1
Target has more Aces!
Cunning
Creative
Proactive
Inventive
Motivated
Unbounded
Unconstrained
Outside the Law
No Moral Boundary
A Virtualised ‘Enterprise’
Well Funded R&D
Global Sharing Culture
Skills & Expertise Market
Tools, Tech & Info Trading
Fast to Exploit Opportunities
It is extremely rare for attackers to be presented with such exponentially rich and growing targets
The Dark Side of the Force is Winning
PARADOX 2
War Games and Defence
“The military play all day and occasionally go to war”
“We are at war every day and never play”
PARADOX 3
No retaliatory defence
By and large we know who the attackers are and where they reside but opt to do nothing
The enemy have simply adopted our technologies and used them as weapons against us
AXIOM 1
Alone we fall
To Survive
We need to become united
“Failure the greatest teacher is”
Well Funded R&D
Global Sharing Culture
Tools, Tech & Info Sharing
Proactive Defence Strategies
Skills & Expertise Cooperation
Fast to Respond to/Report Threats
Cooperative Creativity
Engage in Workable Legislation
Help Formulate Law Frameworks
Virtualised Every Aspect of Cyber Defence
Formulate a Rapid Attack/Punitive Responses
“The Art of War read you must”
CYBERCRIME
Abridged history and cost
Banking Malware
Crypto-Currency Attacks
Bitcoin Wallet Stealer
Device & Account Hijacking
Ransomware
EPoS Attack
Fake News
Propaganda
Social Engineering
DoS, DDoS
Infected eMail
Ransomware
Identity Theft
DNS Attack
BotNets
Site Sabotage
SQL Attack
Spam
Identity Theft
Phishing
Trojan
Worms
Virus
Timeline axis: 1997, 2004, 2007, 2013, Today
Estimated >>1000 Bn Attacks
Total > $2000 Bn Cost of global cyber crime
Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots…
Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span from dumb and very obvious to the highly sophisticated and hard to detect
Watch some crime heist spy movies, read detective novels, keep up with security developments
To get a grip on deception read on magic and magicians, watch some related movies
Segue: Stuxnet
Sophisticated Intelligent Malware
Targeted Specific Industrial Controller
Only interested in MS OS
Hunter Killer Species
2010 Attack
Never Attributed
CIA - Mossad Primary Suspects
General Species for Sale on Dark Web
cyber attack
Primary Motivations Jan 2019
https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
Prime Motivation
Making $$$$
Prime Motivation
Trade Secrets
Military
Security
Prime Motivation
Political, Commercial
and Social Change
Prime Motivation
Domination and
TakeOver
cyber attack
Primary Methodologies Jan 2019
https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
cyber attack
Primary Targets as of Jan 2019
My Forecast
The number One for 2020
A target rich opportunity:
• A wealthy technophobic organisation and customers
• Processes, protocols and methodologies well known
• Millions of people involved with dispersed offices
• Multiple points of access PSTN, VOIP, Network+
• Staff trained to help customers BIG and small
• Many possible attack modes: Phishing, Whaling, Malware, Man-in-the-Middle, Insider, Contractor, bribery, corruption, coercion
++++
CYBER Attackers
Rapidly changing profiles/purposes
Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated Effort
Extremely Profitable
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
Influence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated Effort
Political Influencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
Almost all attacks/attack-types can be
traced back to human fallibility and
ambition exploitation
Short Game, Low Gain
Medium Game, Medium Gain
Long Game, Massive Gain
Sophistication
Investment
Complexity
ROI
Status Quo
Cyber Crime Economy
EASY ENTRY 1
Mostly very poor protection
Behind the FireWall in one small step
No Passwords
Easy Passwords
Factory Default
EASY ENTRY 2
Mostly very poor protection
EASY Money
Low cost human/robot attacks
Phishing
Exponential Growth
Criminals are in a race against security teams
looking to shut them down
Security teams report phishing URLs
regularly, but some criminals use web hosts/
domains that ignore reports
Most kits have a short life, and the phishing
window is growing smaller
Highly successful/profitable; and very easy to automate for TXT and speech
Phishing
Exponential Growth of Species sees a rapid Shortening of Lifetimes
[Chart: cumulative % of kits deactivated (25% to 100%) against days to deactivation (0 to 200)]
Phishing
Exponential Innovation
Akamai
SEGUE
Phishing Demo
Access through the exploitation of
a kind IT Support Desk Operator
DEFENCE INDUSTRY
When a customer becomes an enemy
Kill Switch
Disable Signal
Destruct Command
Assume Control Portal
Information/Data Gathering
OFF THE RECORD
Almost nothing is as it appears
security
PN VPN Cloud/s
Diagram labels: VPN, PN, Dedicated Fibre, VOIP Network Service Reseller with direct routing
What is actually in this Cloud?
partial view 1
Companies don’t divulge detail
What is actually in this Cloud?
It is a vital secret as to the detailed design/engineering adopted and the enemy must not know this
partial view 2
Companies don’t divulge detail
How is the Network Configured?
It is a vital secret as to the detailed design/engineering adopted and the enemy must not know this
VOIP ATTACKS
DDoS + Access via Shared Layers & kit
~51% SIP Layer
Routinely Test Your Net
Encrypt Everything
Harden Passwords
Use a PN or VPN
Train Users
++++ ????
~49% Shared Kit
Use Net Spoofing
Adopt Path Diversity
Encrypt At All Levels
Engage Pre-Cursor Detection
Continually Monitor The Network
++++ ????
Some Guesses
What would we do as designers?
Inherently secure in the extreme iff designed well and detail is kept secret
1 Diversity
Multi-Cable Paths
Diagram labels: Cable 3, Cable 6, Cable 8
Adds resilience to a wholesaler network and is a very effective defence against DDoS attacks
2 Addressing
Multi-Cable Paths
Diagram labels: Cable 3, Cable 6, Cable 8
Radically Different For Each Layer
Password Format Different by Layer
Adds resilience and an extra layer of security for attackers if they get this deep
3 Spoofing
Ghost Cables Paths
Diagram labels: Cable 3, Cable 6, Cable 8
Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere!
Dilutes the efforts and resources of the dark side and frustrates their designs to gain access
4 Hopping
Dynamic Addressing
Diagram labels: Cable 3, Cable 6, Cable 8
Node Addresses Change by the second to render them invisible to scanners
As of the creation of this presentation no known attack has been successful against this defence
THE BIG PICTURE
Optical Fibre Cable Net Spine
EU - Nth America
Optical Fibre Cables 2019
UK - North America
12 Optical Fibre Cables 2019
Disperse Cables and Landing Sites
Disperse Traffic across Several Cables
Diverse Emergency routing via France, Spain, Scandinavia, on a major cable fail
Maintain Sensible Failure Margins
malware
A ‘commercial’ sample
Cerber – Malicious email file affecting system OS - steals user’s info to extort money
RaaS – (Ransomware-as-a-Service) Hackers make money by selling/using this product
Emotet – Originally a banking Trojan, but evolved as a full-scale Bot threat.
Botnets – Used for DDoS attacks, SPAM distribution, data stealing, self organising
Cryptomining Malware – Distributed computing for cryptojacking - using your FLOPs
DDoS Types
The main attack characteristics
Volumetric: Consumes network, service, link bandwidth to create congestion/paralysis
TCP State Exhaustion: Kills core routers, firewalls & application servers - services unusable
Application Layer: Target websites, databases & app services. Perhaps the most sophisticated/stealthy - very difficult to detect using common flow-based monitoring
https://www.scss.tcd.ie/publications/theses/diss/2018/TCD-SCSS-DISSERTATION-2018-046.pdf
DDoS Defence
Just one commercial offer
WHAT WE DETECT
Possibly just the tip of an iceberg!
We need to start looking below the surface of obviousness for the hidden sophistication of the many stealth attacks that we suspect are happening that we cannot see!
Ransomware
Phishing
Crypto-Wallet
DoS/DDoS
SQLi // XSS
Man-in-the-Middle
URL Spoofing
Cloaking
Malware
Covert Plant
Visitors
Insiders
Outsiders
Alongsiders
Customers
Contractors
WiFi
Tunnels
Implants
Malware
Networks
Diversions
Brute Force
Decoys
Vital Measures
Minimal to Maximal Security
Physical Security
Strong Passwords
FireWall, PN, VPN
Malware Protection
Strong Encryption
Genera Public Key
Authentication
Certification
(N Factor, M Path)
Penetration Detection at Key Interface Points
Behavioural Analysis of Net, Machines, People
Monitor for all Pre-Cursor Event Indicators
Create/Join Information Sharing Networks across the industry
Physical Measures
Minimal to Maximal Security
Secure Entry Site & Building
Duplicated/
Triplicated
Power/Fibre
Break Free
Power with
Batteries
Generators
2/3 Utilities
Supply Site
50km from
any Airport
Focused Measures
Technical Security
Air Lock
Strip Down
Authorised
Entry Only
General
Access
Open
Limited
Access
Zoned
Timed
Cameras
Heat Sensors
Motion Sensors
Location Proximity Sensors
Invisible X-X Laser Beams
Segue
Stage Left
Off The Record Play Time
I do not recommend you try any of this - it is all a part of my personal mission to make the world a safer place
Not For
Public Release
Vital Measures
The minimal security protection
failures
Common Mode
One road in and out is not a good idea!
opportunities!
The Dark Side Everywhere
- Airline security
- Public targets
- Careless talk
- Device theft
- Breaking in
- Social data
++++
Airport Security
A big opportunity for device theft
Careless
Shoulder surfing!
I was working in London and stopped for a coffee break in Soho…
Untidy
Litter Bug :-)
£24k in this account!
And then the fun started !
LOUD & RUDE
There is always a price to pay !
The group next to my colleague
had just chanced upon the perfect
name for their new company.
They revealed their new domain
name and more to everyone within
earshot!
A stack of papers
readable at a glance
EXHIBITIONISTS
Government employees bragging
ME
Three identical laptops
Three Mobiles all the same
In < 1 hour they revealed:
All their names
Mobile numbers + eMail addresses
Unit Codes
Postal Drop
Building floor and room
IT Support Number and log in
Who was at their meeting
Meeting agenda
Who said what
Decisions made
Project Code Name
Organisations involved
Objectives and progress
The name of a ‘Secret Project’
Talked about in euphemisms
+++++
Opportunist
Pass cards are so easy to forge/steal
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
TRUTH ENGINES
An End Game Company
Peter Cochrane
Internal Affairs Advisor
VISITOR EMPLOYEE
Device theft
Or is there something more here?
This is a high risk crime with a good chance of getting caught in the act or getting caught on camera.
Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing?
https://www.youtube.com/watch?v=TWilMUpEMEk
https://www.youtube.com/watch?v=tSKXZnfOe60
UP THE VALUE
100s of hack tutorials on-line
A naked mobile device is one price
A live mobile device with all the log-in
and personal data accessible is a much
better deal !
GOTO
Resources 4U
petercochrane.com
Broadcom/Symantec Crowdstrike
Cisco, IBM
Akamai Varonis
Gartner, Aon, UKGov DDCMS. MimeCast
BitSight,TrendMicro, FCA Juniper, RAND, Kaspersky
Things that Think want to Link
and
Things that Link want to Think
FIN - Q&A?
www.petercochrane.com
Telecom service futures driven by customer needUniversity of Hertfordshire
Ā 
Analysis of Regional Phishing Attack
Analysis of Regional Phishing AttackAnalysis of Regional Phishing Attack
Analysis of Regional Phishing AttackJune Park
Ā 
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 finalSimon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 finalSimon Harrison
Ā 
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...Stefano Amorelli
Ā 
Frodi online: Analisi, simulazione e contromisure
Frodi online: Analisi, simulazione e contromisureFrodi online: Analisi, simulazione e contromisure
Frodi online: Analisi, simulazione e contromisureAndrea Draghetti
Ā 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
Ā 
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...Amazon Web Services
Ā 
Customer_Testimonial_IFFCO.pdf
Customer_Testimonial_IFFCO.pdfCustomer_Testimonial_IFFCO.pdf
Customer_Testimonial_IFFCO.pdfPRASHANTJUNNARKAR
Ā 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerGreg Foss
Ā 
Mobile Inception - Web API Security
Mobile Inception - Web API SecurityMobile Inception - Web API Security
Mobile Inception - Web API SecurityMobileInception
Ā 
Santander Presentation - Global Digital Innovation
Santander Presentation - Global Digital InnovationSantander Presentation - Global Digital Innovation
Santander Presentation - Global Digital InnovationLisa Cheng
Ā 

Similar to Prof Peter Cochrane on Security (20)

Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
Ā 
People the biggest cyber risk
People the biggest cyber riskPeople the biggest cyber risk
People the biggest cyber risk
Ā 
Analysis of Regional Phishing Attack
Analysis of Regional Phishing AttackAnalysis of Regional Phishing Attack
Analysis of Regional Phishing Attack
Ā 
Simon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 finalSimon Harrison RWE - Chain of Things 010616 final
Simon Harrison RWE - Chain of Things 010616 final
Ā 
Managing cyber security
Managing cyber securityManaging cyber security
Managing cyber security
Ā 
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
Credit Cards Tech and Threats: How Hackers Pay With Your Money [Stefano Amore...
Ā 
The IoT For Real
The IoT For Real The IoT For Real
The IoT For Real
Ā 
Frodi online: Analisi, simulazione e contromisure
Frodi online: Analisi, simulazione e contromisureFrodi online: Analisi, simulazione e contromisure
Frodi online: Analisi, simulazione e contromisure
Ā 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Ā 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
Ā 
Science and Engineering Out of The Box
Science and Engineering Out of The BoxScience and Engineering Out of The Box
Science and Engineering Out of The Box
Ā 
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Ā 
Customer_Testimonial_IFFCO.pdf
Customer_Testimonial_IFFCO.pdfCustomer_Testimonial_IFFCO.pdf
Customer_Testimonial_IFFCO.pdf
Ā 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
Ā 
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto FarmerCrypto Hacks - Quit your Job and Become a Crypto Farmer
Crypto Hacks - Quit your Job and Become a Crypto Farmer
Ā 
Building Cyber Resilience: No Safe Harbor
Building Cyber Resilience: No Safe HarborBuilding Cyber Resilience: No Safe Harbor
Building Cyber Resilience: No Safe Harbor
Ā 
Digital Destinies
Digital DestiniesDigital Destinies
Digital Destinies
Ā 
Mobile Inception - Web API Security
Mobile Inception - Web API SecurityMobile Inception - Web API Security
Mobile Inception - Web API Security
Ā 
Santander Presentation - Global Digital Innovation
Santander Presentation - Global Digital InnovationSantander Presentation - Global Digital Innovation
Santander Presentation - Global Digital Innovation
Ā 
State of Smart TV
State of Smart TVState of Smart TV
State of Smart TV
Ā 

More from University of Hertfordshire

More from University of Hertfordshire (16)

The Philosophy of Science
The Philosophy of ScienceThe Philosophy of Science
The Philosophy of Science
Ā 
Future Telecoms Challenges & Opportunities
Future Telecoms Challenges & OpportunitiesFuture Telecoms Challenges & Opportunities
Future Telecoms Challenges & Opportunities
Ā 
Thermodynamics - Laws Embracing Our Universe
Thermodynamics -  Laws Embracing Our UniverseThermodynamics -  Laws Embracing Our Universe
Thermodynamics - Laws Embracing Our Universe
Ā 
Applied Science - Engineering Systems
Applied Science - Engineering SystemsApplied Science - Engineering Systems
Applied Science - Engineering Systems
Ā 
IoT Yet to Come
IoT Yet to ComeIoT Yet to Come
IoT Yet to Come
Ā 
The Scientific Meme
The Scientific Meme The Scientific Meme
The Scientific Meme
Ā 
Uncanny Valley and Human Destiny
Uncanny Valley and Human DestinyUncanny Valley and Human Destiny
Uncanny Valley and Human Destiny
Ā 
Resurgence of Technology Driven Change
Resurgence of Technology Driven ChangeResurgence of Technology Driven Change
Resurgence of Technology Driven Change
Ā 
Society 5.0: A Vital Symbiosis
Society 5.0: A Vital SymbiosisSociety 5.0: A Vital Symbiosis
Society 5.0: A Vital Symbiosis
Ā 
Cyber Portents and Precursors
Cyber Portents and PrecursorsCyber Portents and Precursors
Cyber Portents and Precursors
Ā 
Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?Technology Overlords Or A Symbiosis ?
Technology Overlords Or A Symbiosis ?
Ā 
THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS THE FUTURE OF MOBILE NETWORKS
THE FUTURE OF MOBILE NETWORKS
Ā 
Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
Ā 
The Future WorkScape
The Future WorkScapeThe Future WorkScape
The Future WorkScape
Ā 
Engineering Reliability and Resilience
Engineering Reliability and ResilienceEngineering Reliability and Resilience
Engineering Reliability and Resilience
Ā 
Industry 4.0 and Sustainability
Industry 4.0 and SustainabilityIndustry 4.0 and Sustainability
Industry 4.0 and Sustainability
Ā 

Recently uploaded

GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
Ā 
Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”soniya singh
Ā 
Hot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night Standkumarajju5765
Ā 
All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445
All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445
All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445ruhi
Ā 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
Ā 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
Ā 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
Ā 
Lucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRL
Lucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRLLucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRL
Lucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRLimonikaupta
Ā 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
Ā 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
Ā 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
Ā 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
Ā 
āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663
āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663
āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663Call Girls Mumbai
Ā 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
Ā 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Ā 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
Ā 

Recently uploaded (20)

GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
Ā 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Ā 
Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Call Girls In Sukhdev Vihar Delhi šŸ’ÆCall Us šŸ”8264348440šŸ”
Ā 
Hot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ā˜Ž 9711199171 Book Your One night Stand
Ā 
All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445
All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445
All Time Service Available Call Girls Mg Road šŸ‘Œ ā­ļø 6378878445
Ā 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
Ā 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
Ā 
Call Girls In South Ex šŸ“± 9999965857 šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SERVICE
Call Girls In South Ex šŸ“±  9999965857  šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SERVICECall Girls In South Ex šŸ“±  9999965857  šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SERVICE
Call Girls In South Ex šŸ“± 9999965857 šŸ¤© Delhi šŸ«¦ HOT AND SEXY VVIP šŸŽ SERVICE
Ā 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Ā 
Lucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRL
Lucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRLLucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRL
Lucknow ā¤CALL GIRL 88759*99948 ā¤CALL GIRLS IN Lucknow ESCORT SERVICEā¤CALL GIRL
Ā 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
Ā 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
Ā 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
Ā 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 šŸ«¦ Vanshika Verma More Our Se...
Ā 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Ā 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Ā 
āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663
āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663
āœ‚ļø šŸ‘… Independent Andheri Escorts With Room Vashi Call Girls šŸ’ƒ 9004004663
Ā 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
Ā 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
Ā 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Ā 

Prof Peter Cochrane on Security

  • 1. Prof Peter Cochrane OBE petercochrane.com Security CYBER PN VPN LAN WiFi PSTN WLAN 3, 4, 5G IP SIP TCP UDP RTP DNS DHCP
  • 2. MINDSETS A different perspective Audio Book https://www.youtube.com/watch?v=X7rhovBK_eA Written 5th C BC Most important points: Information matters and an educated guess is better than a gut decision Generals should be adept at the "military calculus" of accounting for anything and everything that could affect the outcome of a battle
  • 3. MINDSETS Provocative stimulation More Quotes by famous generals and philosophers https://bit.ly/2VVJ6Hm More Quotes by Sun Tzu https://bit.ly/2VVJ6Hm BEST Quotes by Sun Tzu https://bookroo.com/quotes/the-art-of-war “The supreme art of war is to subdue the enemy without fighting” “To know your enemy you must become your enemy”
  • 4. 1) There is always a threat 2) It is always in a direction you’re not looking 3) Perceived risk/threat never equals reality 4) Nothing is 100% secure 5) People are always the primary risk 6) Resources are deployed inversely proportional to actual risk 7) You need two security groups - defenders and attackers 8) Security & operational requirements are mutually exclusive 9) Legislation is always > X years behind Security Laws Immutable Since 1990
  • 5. Security Laws Immutable Since 1990 10) Security standards are an oxymoron 11) Security people are never their own customer 12) Cracking systems is far more fun than defending them 13) Hackers are smarter than you - they are younger! 14) Hackers are not the biggest threat - governments are! 15) As life becomes faster it becomes less secure 16) Connectivity and data half lives are getting shorter too 17) We are most at risk during a time of transition 18) The weakest link generally defines the outcome
  • 6. RESUME Reality 2020 Attacks are escalating The Dark Side is winning There are no silver bullets People are the biggest risk The attack surface is increasing Attacker rewards are on the up All our security tools are reactive Cyber disruption costs are growing Companies do not collaborate/share Attackers operate an open market More of the same but better & faster will not change the game… …we have to think anew - to get out of the box and do something very different!
  • 7. Infrastructures Web Resources PoS + ATMs Peripherals Users IoT Mobiles PCs Tablet Wearables Targets Transport IT Retail Crypto££ Telecom ++++ cyber Attack 1 A connected/networked spectrum Malware False ID Social Engineering Hacking Web Probes DDoS Software Adulteration Finance Gov Health Care Education Industry Commerce Services Hospitality Victims Tools
  • 8. Malicious Code inserted into visitor browsers Gains Access to sensitive data cyber Attack 2 System Wide Opportunity Points
  • 9. VOIP net: security 1 PN VPN Local national & international VPN PN VPN PN Dedicated Fibre VPN PN Dedicated Fibre VPN PN VOIP Network Service Reseller with direct routing
  • 10. VOIP net: security 1 PN VPN Local national & international VPN PN VPN PN Dedicated Fibre VPN PN Dedicated Fibre VPN PN VOIP Network Service Reseller with direct routing Inherently Insecure Wired & Wireless
  • 11. VOIP net: security 1 PN VPN Local national & international VPN PN VPN PN Dedicated Fibre VPN PN Dedicated Fibre VPN PN VOIP Network Service Reseller with direct routing Inherently Insecure Wired & Wireless Inherently Secure Fibre PN/VPN Strong Encryption Hidden VPN & Routings
  • 12. VOIP NET: Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms All Optical Fibre Net Almost Impossible to Penetrate but not entirely so!
  • 13. VOIP NET: Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms All Optical Fibre Net Almost Impossible to Penetrate but not entirely so! All Gateways Highly Secure Facilities
  • 14. VOIP NET: Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms All Optical Fibre Net Almost Impossible to Penetrate but not entirely so! All Gateways Highly Secure Facilities All Precise Routings and Gateway Locations are not generally available
  • 15. VOIP NET: Security 2 Limit the total of concatenated hops Country Gateway Regional Gateway Regional Gateway Dedicated Fibre or Wavelengths Dedicated Fibre or Wavelengths VPN PN Total end-to-end nodes to number < 10 Total end-to-end path delay to be <150 ms All Optical Fibre Net Almost Impossible to Penetrate but not entirely so! All Gateways Highly Secure Facilities All Precise Routings and Gateway Locations are not generally available Non Obvious gateway ghosting/duplication Plus split fibre cable feeds can be used to increase security Extensive use of encryption 128 and 256 key plus public key for control and signalling
  • 16. Segue: Demo Public Key Made Obvious For More GOTO: https://bit.ly/39Ey6kY
  • 17. BS ALERT LEOs Can Do it All! A single hop ‘Low Earth Orbit Satellite’ link introduces 50 - 100ms delay…
  • 18. BS ALERT LEOs Can Do it All! A single hop ‘Low Earth Orbit Satellite’ link introduces 50 - 100ms delay… All satellite systems are inherently insecure on every level and very easy to attack/disable Not credible as a platform for any form of traffic that demands security and resilience
  • 19. PARADOX 1 Target has more Aces! Cunning Creative Proactive Inventive Motivated Unbounded Unconstrained Outside the Law No Moral Boundary A Virtualised ‘Enterprise’ Well Funded R&D Global Sharing Culture Skills & Expertise Market Tools, Tech & Info Trading Fast to Exploit Opportunities It is extremely rare for attackers to be presented with such exponentially rich and growing targets The Dark Side of the Force is Winning
  • 20. PARADOX 2 War Games and Defence “The military play all day and occasionally go to war” “We are at war every day and never play”
  • 21. PARADOX 3 No retaliatory defence
  • 22. PARADOX 3 No retaliatory defence By and large we know who the attackers are and where they reside but opt to do nothing. The enemy have simply adopted our technologies and used them as weapons against us
  • 23. AXIOM 1 Alone we fall
  • 24. To Survive We need to become united “Failure the greatest teacher is”
  • 25. To Survive We need to become united Well Funded R&D Global Sharing Culture Tools, Tech & Info Sharing Proactive Defence Strategies Skills & Expertise Cooperation Fast to Respond to/Report Threats Cooperative Creativity Engage in Workable Legislation Help Formulate Law Frameworks Virtualised Every Aspect of Cyber Defence Formulate a Rapid Attack/Punitive Responses “The Art of War read you must”
  • 26. CYBER CRIME Abridged history and cost Banking Malware Crypto-Currency Attacks Bitcoin Wallet Stealer Device & Account Hijacking Ransomware EPoS Attack Fake News Propaganda Social Engineering DoS, DDoS Infected eMail Ransomware Identity Theft DNS Attack BotNets Site Sabotage SQL Attack Spam Identity Theft Phishing Trojan Worms Virus 1997 2004 2007 Estimated >>1000 Bn Attacks Total > $2000 Bn Cost of global cyber crime Today 2013 Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots… Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span from dumb and very obvious to the highly sophisticated and hard to detect
  • 27. CYBER CRIME Abridged history and cost Banking Malware Crypto-Currency Attacks Bitcoin Wallet Stealer Device & Account Hijacking Ransomware EPoS Attack Fake News Propaganda Social Engineering DoS, DDoS Infected eMail Ransomware Identity Theft DNS Attack BotNets Site Sabotage SQL Attack Spam Identity Theft Phishing Trojan Worms Virus 1997 2004 2007 Estimated >>1000 Bn Attacks Total > $2000 Bn Cost of global cyber crime Today 2013 Almost all attacks/attack-types can be traced back to the exploiting of individuals who have volunteered vital info by falling victim to scams, spams/trickery, bribery, corruption, blackmail, honeypots… Social engineering is one of the most powerful tools to be widely exploited by the ‘Dark Side’ - and the approach can span from dumb and very obvious to the highly sophisticated and hard to detect Watch some crime heist spy movies read detective novels keep up with security developments To get a grip on deception read on magic and magicians watch some related movies
  • 28. Segue: Stuxnet Sophisticated Intelligent Malware Targeted Specific Industrial Controller Only interested in MS OS Hunter Killer Species 2010 Attack Never Attributed CIA - Mossad Primary Suspects General Species for Sale on Dark Web
  • 29. cyber attack Primary Motivations Jan 2019 https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ Prime Motivation Making $$$$
  • 30. cyber attack Primary Motivations Jan 2019 https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ Prime Motivation Making $$$$ Prime Motivation Trade Secrets Military Security
  • 31. cyber attack Primary Motivations Jan 2019 https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ Prime Motivation Making $$$$ Prime Motivation Trade Secrets Military Security Prime Motivation Political, Commercial and Social Change
  • 32. cyber attack Primary Motivations Jan 2019 https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ Prime Motivation Making $$$$ Prime Motivation Trade Secrets Military Security Prime Motivation Political, Commercial and Social Change Prime Motivation Domination and TakeOver
  • 33. https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ cyber attack Primary Methodologies Jan 2019
  • 34. https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/ cyber attack Primary Targets as of Jan 2019
  • 35. My Forecast The number One for 2020 A target rich opportunity: • A wealthy technophobic organisation and customers • Processes, protocols and methodologies well known • Millions of people involved with dispersed offices • Multiple points of access PSTN, VOIP, Network+ • Staff trained to help customers BIG and small ++++ • Many possible attack modes: Phishing, Whaling, Malware, Man-in-the-Middle, Insider, Contractor, bribery, corruption, coercion
  • 36. CYBER Attackers: Rapidly changing profiles/purposes. Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic | Rogue States, Criminals, Hacker Groups, Hacktivist, Amateurs | Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks | Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community | Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities | Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains | Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation
  • 37. CYBER Attackers: Rapidly changing profiles/purposes. Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic | Rogue States, Criminals, Hacker Groups, Hacktivist, Amateurs | Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks | Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community | Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities | Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains | Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation | Short Game, Low Gain; Medium Game, Medium Gain; Long Game, Massive Gain
  • 38. CYBER Attackers: Rapidly changing profiles/purposes. Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic | Rogue States, Criminals, Hacker Groups, Hacktivist, Amateurs | Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks | Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community | Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities | Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains | Almost all attacks/attack-types can be traced back to human fallibility and ambition exploitation | Short Game, Low Gain; Medium Game, Medium Gain; Long Game, Massive Gain | Sophistication, Investment, Complexity, ROI
  • 39. Status Quo: Cyber Crime Economy. EASY ENTRY 1: Mostly very poor protection. Behind the FireWall in one small step. No Passwords; Easy Passwords; Factory Default
  • 40. EASY ENTRY 2: Mostly very poor protection
  • 41. EASY Money: Low cost human/robot attacks
  • 42. Phishing: Exponential Growth. Criminals are in a race against security teams looking to shut them down. Security teams report phishing URLs regularly, but some criminals use web hosts/domains that ignore reports. Most kits have a short life, and the phishing window is growing smaller. Highly successful/profitable; and very easy to automate for TXT and speech
  • 43. Phishing: Exponential Growth of Species sees a rapid Shortening Lifetimes. [Chart: Cumulative % of kits deactivated against Days to Deactivation]
  • 44. Phishing: Exponential Innovation. Akamai
  • 45. SEGUE: Phishing Demo. Access through the exploitation of a kind IT Support Desk Operator
  • 46. DEFENCE INDUSTRY: When a customer becomes an enemy. Kill Switch Disable Signal Destruct Command Assume Control Portal Information/Data Gathering
  • 47. OFF THE RECORD: Almost nothing is as it appears
  • 48. Security: PN VPN Cloud/s. [Diagram: VPN/PN and Dedicated Fibre links; VOIP Network Service Reseller with direct routing] What is actually in this Cloud?
  • 49. Security: PN VPN Cloud/s. [Diagram: VPN/PN and Dedicated Fibre links; VOIP Network Service Reseller with direct routing] Inherently Insecure: Wired & Wireless. What is actually in this Cloud?
  • 50. Security: PN VPN Cloud/s. [Diagram: VPN/PN and Dedicated Fibre links; VOIP Network Service Reseller with direct routing] Inherently Insecure: Wired & Wireless. Inherently Secure: Fibre PN/VPN; Strong Encryption; Hidden VPN & Routings. What is actually in this Cloud?
  • 51. Partial view 1: Companies don't divulge detail. What is actually in this Cloud?
  • 52. Partial view 1: Companies don't divulge detail. What is actually in this Cloud? It is a vital secret as to the detailed design/engineering adopted. And the enemy must not know this
  • 53. Partial view 2: Companies don't divulge detail. How is the Network Configured?
  • 54. Partial view 2: Companies don't divulge detail. How is the Network Configured? It is a vital secret as to the detailed design/engineering adopted. And the enemy must not know this
  • 55. ~51% SIP Layer. Routinely Test Your Net; Encrypt Everything; Harden Passwords; Use a PN or VPN; Train Users ++++ ???? | ~49% Shared Kit. Use Net Spoofing; Adopt Path Diversity; Encrypt At All Levels; Engage Pre-Cursor Detection; Continually Monitor The Network ++++ ???? | VOIP ATTACKS: DDoS + Access via Shared Layers & kit
  • 56. Some Guesses: What would we do as designers?
  • 57. Some Guesses: What would we do as designers? Inherently secure in the extreme iff designed well and detail is kept secret
  • 58. 1 Diversity: Multi-Cables Paths. Cable 3
  • 59. 1 Diversity: Multi-Cables Paths. Cable 6, Cable 3
  • 60. 1 Diversity: Multi-Cables Paths. Cable 8, Cable 6, Cable 3
  • 61. 1 Diversity: Multi-Cables Paths. Cable 8, Cable 6, Cable 3. Adds resilience to a wholesaler network and is a very effective defence against DDoS attacks
  • 62. 2 Addressing: Multi-Cables Paths. Cable 8, Cable 6, Cable 3. Radically Different For Each Layer. Password Format Different by Layer
  • 63. 2 Addressing: Multi-Cables Paths. Cable 8, Cable 6, Cable 3. Radically Different For Each Layer. Password Format Different by Layer. Adds resilience and an extra layer of security for attackers if they get this deep
  • 64. 3 Spoofing: Ghost Cables Paths. Cable 8, Cable 6, Cable 3. Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere!
  • 65. 3 Spoofing: Ghost Cables Paths. Cable 8, Cable 6, Cable 3. Appears to be/mimics real thing, but sees the Dark Side fighting infrastructure to nowhere! Dilutes the efforts and resources of the dark side and frustrates their designs to gain access
  • 66. 4 Hopping: Dynamic Addressing. Cable 3. Node Addresses Change by the second to render them invisible to scanners
  • 67. 4 Hopping: Dynamic Addressing. Cable 6, Cable 3. Node Addresses Change by the second to render them invisible to scanners
  • 68. 4 Hopping: Dynamic Addressing. Cable 8, Cable 6, Cable 3. Node Addresses Change by the second to render them invisible to scanners
  • 69. 4 Hopping: Dynamic Addressing. Cable 8, Cable 6, Cable 3. Node Addresses Change by the second to render them invisible to scanners. As of the creation of this presentation no known attack has been successful against this defence
  • 70. THE BIG PICTURE: Optical Fibre Cable Net Spine
  • 71. EU - Nth America: Optical Fibre Cables 2019
  • 72. UK - North America: Optical Fibre Cables 2019 [map labels: 1, 2]
  • 73. UK - North America: Optical Fibre Cables 2019 [map labels: 1, 2]. Disperse Cables and Landing Sites
  • 74. UK - North America: Optical Fibre Cables 2019 [map labels: 1, 2]. Disperse Cables and Landing Sites. Disperse Traffic across Several Cables
  • 75. UK - North America: Optical Fibre Cables 2019 [map labels: 1, 2]. Disperse Cables and Landing Sites. Disperse Traffic across Several Cables. Diverse Emergency routing Via France, Spain, Scandinavia, on a major cable fail. Maintain Sensible Failure Margins
  • 76. UK - North America: Optical Fibre Cables 2019 [map labels: 1, 2]. Disperse Cables and Landing Sites. Disperse Traffic across Several Cables. Diverse Emergency routing Via France, Spain, Scandinavia, on a major cable fail. Maintain Sensible Failure Margins
  • 77. Malware: A 'commercial' sample. Cerber: Malicious email file affecting system OS - steals user's info to extort money. RaaS: (Ransomware-as-a-Service) Hackers make money by selling/using this product. Emotet: Originally a banking Trojan, but evolved as a full-scale Bot threat. Botnets: Used for DDOS attacks, SPAM distribution, data stealing, self organising. Cryptomining Malware: Distributed computing for cryptojacking - using your FLOPs
  • 78. DDoS Types: The main attack characteristics. Volumetric: Consumes network, service, link bandwidth to create congestion/paralysis. TCP State Exhaustion: Kills core routers, firewalls & application servers - services unusable. Application Layer: Target websites, databases & app services. Perhaps the most sophisticated/stealthy - very difficult to detect using common flow-based monitoring. https://www.scss.tcd.ie/publications/theses/diss/2018/TCD-SCSS-DISSERTATION-2018-046.pdf
  • 79.
  • 80. DDoS Defence: Just one commercial offer
  • 81. WHAT WE DETECT: Possibly just the tip of an iceberg! We need to start looking below the surface of obviousness for the hidden sophistication of the many stealth attacks that we suspect are happening that we cannot see! Ransomware Phishing Crypto-Wallet DoS/DDoS SQLi // XSS Man-in-The Middle URL Spoofing Cloaking Malware Covert Plant Visitors Insiders Outsiders Alongsiders Customers Contractors WiFi Tunnels Implants Malware Networks Diversions Brute Force Decoys
  • 82. Vital Measures: Minimal to Maximal Security. Physical Security; Strong Passwords; FireWall, PN, VPN; Malware Protection; Strong Encryption Genera Public Key; Authentication Certification (N Factor, M Path); Penetration Detection at Key Interface Points; Behavioural Analysis of Net, Machines, People; Monitor for all Pre-Cursor Event Indicators; Create/Join Information Sharing Networks across the industry
  • 83. Physical Measures: Minimal to Maximal Security
  • 84. Physical Measures: Minimal to Maximal Security. Secure Entry Site & Building; Duplicated/Triplicated Power/Fibre; Break Free Power with Batteries Generators; 2/3 Utilities Supply; Site 50km from any Airport
  • 85. Focused Measures: Technical Security
  • 86. Focused Measures: Technical Security. Air Lock Strip Down; Authorised Entry Only; General Access Open; Limited Access Zoned Timed; Cameras; Heat Sensors; Motion Sensors; Location Proximity Sensors; Invisible X-X Laser Beams
  • 87. Segue Stage Left: Off The Record Play Time. I do not recommend you try any of this - it is all a part of my personal mission to make the world a safer place. Not For Public Release
  • 88. Vital Measures: The minimal security protection. Failures: Common Mode. One road in and out is not a good idea!
  • 89. Opportunities! The Dark Side: Everywhere - Airline security - Public targets - Careless talk - Device theft - Breaking in - Social data ++++
  • 90. Airport Security: A big opportunity for device theft
  • 91. Careless: Shoulder surfing! I was working in London and stopped for a coffee break in Soho…
  • 92. Untidy: Litter Bug :-) £24k in this account! And then the fun started!
  • 93. LOUD & RUDE: There is always a price to pay! The group next to my colleague had just chanced upon the perfect name for their new company. They revealed their new domain name and more to everyone within earshot!
  • 94. EXHIBITIONISTS: Government employees bragging. A stack of papers readable at a glance. ME. Three identical laptops. Three Mobiles all the same
  • 95. EXHIBITIONISTS: Government employees bragging. A stack of papers readable at a glance. ME. Three identical laptops. Three Mobiles all the same. In < 1 hour they revealed: All their names; Mobile numbers + eMail addresses; Unit Codes; Postal Drop; Building floor and room; IT Support Number and log in; Who was at their meeting; Meeting agenda; Who said what; Decisions made; Project Code Name; Organisations involved; Objectives and progress; The name of a 'Secret Project'; Talked about in euphemisms +++++
  • 96. Opportunist: Pass cards are so easy to forge/steal. [Sample pass cards: TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant | TRUTH ENGINES An End Game Company Peter Cochrane Internal Affairs Advisor | VISITOR EMPLOYEE]
  • 97. Device theft: Or is there something more here? This is a high risk crime with a good chance of getting caught in the act or getting caught on camera. Why would anyone do this for a few ££ an hour, or is there hidden value add that we are not seeing? https://www.youtube.com/watch?v=TWilMUpEMEk https://www.youtube.com/watch?v=tSKXZnfOe60
  • 98.
  • 99. UP THE VALUE: 100s of hack tutorials on-line. A naked mobile device is one price. A live mobile device with all the log-in and personal data accessible is a much better deal!
  • 100. GOTO Resources 4U: petercochrane.com, Broadcom/Symantec, Crowdstrike, Cisco, IBM, Akamai, Varonis, Gartner, Aon, UKGov DDCMS, MimeCast, BitSight, TrendMicro, FCA, Juniper, RAND, Kaspersky
  • 101. Things that Think want to Link and Things that Link want to Think. FIN - Q&A? www.petercochrane.com