[Dailydave] How to flush a trillion dollars right into the Chesapeake

Dave Aitel dave at immunityinc.com
Mon Sep 23 15:33:14 EDT 2013


http://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire

So I don't usually link to random blogs from the big boys, but this
article is worth a read. On Twitter Ben Nagy asked what an integrated
team looks like - and though Symantec didn't really DELVE into the
details, probably because they'll monetize them somehow, this is what it
probably looks like. Because agility as a component of an attack team
isn't gotten by throwing money at the problem. It's a matter of
organizing your attack flow in the right way. It comes down to where
people sit in physical space, half the time.

Obviously the numbers in the infographic should all be multiplied by 10.

And then you look at these teams' successes - and one of them,
obviously, is RSA. RSA is getting hit from both sides. At this point its
marketing message is "We got hacked by the Chinese
<http://allthingsd.com/20120227/seven-questions-for-rsa-security-head-art-coviello/>,
and our main product had a USG backdoor in it":

http://www.theguardian.com/world/2013/sep/21/rsa-emc-warning-encryption-system-nsa

Backdoors go two ways:

 1. Make your product have security vulnerabilities that only you know
    about, or can QA exploits for, or have the ability to touch (cf.
    SCADA). I call this "Backdoority through obscurity".
 2. Are provably built in such a way that only you can exploit them.
    The Dual EC DRBG backdoor is a classic example. The Flame
    Certificate
    <http://www.networkworld.com/news/2012/060412-microsoft-flame-259828.html>
    attack is another one. This should be true even for remote access
    trojans - Hydrogen
    <http://www.immunityinc.com/products-hydrogen.shtml> was built so
    that without the private key, it wouldn't even respond to the init
    packet. I would be surprised if the Naid trojan system is any
    different. Pro is pro.

BSAFE being backdoored (and you have to be insane to believe RSA's weak
defense
<http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html> of
choosing that PRNG as their default) means almost every device (from
VPNs to SSL Accelerators to crypto-enabled trading applications) on the
Internet was backdoored, because everyone big uses the BSAFE library to
do their crypto.

When this program went dark it was like a toilet flushing trillions
of dollars right into the sewage system (not to mention RSA and NIST
being collateral damage). The silver lining here for most people on this
list is that targeted access was always the future once the Internet
happened, and that future is now.

-dave
