Sunday, August 29, 2010

Defcon 18 quickly summarized

I skipped Defcon last year, so I made a point to be there all 3 days. I strongly recommend arriving Thursday evening. Registration is no hassle, you get the official badge, and you get to check out the facility at your leisure. Even though Defcon has been at the Riviera for years, I still need a walk-through to remember how to get around. Maybe casinos hope that lost hotel guests will gamble more.

Defcon is generally well organized and with few exceptions the talks are first rate. My main complaint is the long line to get into just about every talk. I suspect they have greatly oversold admission. I wanted to attend the SCADA track on Saturday, so I showed up almost an hour early for the first session, and remained in my seat for as many sessions as biological needs would permit.

The best session was given by Fyodor on scripting nmap. He gave a very useful and clear explanation of how to customize nmap using the Lua programming language. Fyodor is also a very engaging speaker. I was very fond of his dry wit.

Dan Kaminsky and Paul Vixie gave a double-shot of DNS on Friday. Vixie discussed the use of passive DNS to gain information useful in tracking malware and criminal activity by flagging malicious use of DNS. Kaminsky gave a talk similar to his Toorcon 2009 presentation, on the use of DNSSEC to provide a true, usable public key infrastructure. Signed DNS records can be used to authenticate destination sites, and DNS authority can be delegated more elegantly (and more usefully) than with X.509.
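To make the passive DNS idea concrete, here is an added example (my own illustration, not code from either talk) of the basic technique: a resolver's observed answers are aggregated into a database keyed on (name, type, answer) with first-seen, last-seen and hit counts, which can then be queried in both directions and scanned for suspicious patterns. The log lines, the log format, and the fast-flux heuristic (many distinct A records for one name appearing within a short window) are all constructed for the example.

```python
"""Passive DNS in miniature: aggregate resolver observations and flag
suspicious resolution patterns. The log lines and format below are
constructed for this example."""
from collections import defaultdict
from datetime import datetime

# Constructed resolver log lines: "<timestamp> <qname> <rtype> <rdata>"
SAMPLE_LOG = """\
2010-08-06T10:00:01 update.example.net A 203.0.113.10
2010-08-06T10:00:05 www.example.org A 198.51.100.7
2010-08-06T10:01:12 update.example.net A 203.0.113.11
2010-08-06T10:02:40 update.example.net A 203.0.113.12
2010-08-06T10:03:01 update.example.net A 203.0.113.13
2010-08-06T10:03:20 www.example.org A 198.51.100.7
2010-08-06T10:04:55 update.example.net A 203.0.113.14
2010-08-06T11:00:00 login.example.com A 192.0.2.25
"""


def parse_log(text):
    """Yield (timestamp, qname, rtype, rdata) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalise names so "Example.NET." and "example.net" collapse together
        yield ts, parts[1].lower().rstrip("."), parts[2].upper(), parts[3]


def build_pdns(records):
    """Passive DNS database: (qname, rtype, rdata) -> first_seen, last_seen, count."""
    db = {}
    for ts, qname, rtype, rdata in records:
        key = (qname, rtype, rdata)
        entry = db.setdefault(key, {"first_seen": ts, "last_seen": ts, "count": 0})
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["count"] += 1
    return db


def flag_fast_flux(db, max_distinct=3, window_minutes=10):
    """Return qnames whose A records map to more than max_distinct distinct
    addresses, all first seen within window_minutes of each other."""
    by_name = defaultdict(list)
    for (qname, rtype, rdata), entry in db.items():
        if rtype == "A":
            by_name[qname].append(entry["first_seen"])
    flagged = []
    for qname, first_seen_times in by_name.items():
        if len(first_seen_times) <= max_distinct:
            continue
        times = sorted(first_seen_times)
        span_minutes = (times[-1] - times[0]).total_seconds() / 60
        if span_minutes <= window_minutes:
            flagged.append(qname)
    return sorted(flagged)


def domains_for_ip(db, ip):
    """Reverse lookup: which names have been observed resolving to this address?"""
    return sorted(q for (q, rt, rd) in db if rt == "A" and rd == ip)


def analyze(text=SAMPLE_LOG):
    """Build the database from log text and return it with the flagged names."""
    db = build_pdns(parse_log(text))
    return db, flag_fast_flux(db)


if __name__ == "__main__":
    db, flagged = analyze()
    for (qname, rtype, rdata), e in sorted(db.items()):
        print(f"{qname:22} {rtype:5} {rdata:16} "
              f"first={e['first_seen']} last={e['last_seen']} n={e['count']}")
    print("fast-flux candidates:", flagged)
```

The reverse lookup is the part that makes passive DNS valuable for tracking: once one address is tied to a campaign, `domains_for_ip` shows every other name that has pointed at it, something a live forward lookup cannot tell you.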

The SCADA track was interesting, with the talks varying between general risk discussions, technical information systems, and general discussions of plant operations. If you've ever wondered how a small water district works, this was your chance.

"Wardriving the Smart Grid" gave an overview of the technology used for wireless monitoring and control of electrical utilities. Exploitation of field tech boxes would provide privileged access to these networks. The speaker suggested that it is only a matter of time until software for these boxes is available on BitTorrent.

"SCADA and ICS for Security Experts" gave a definition of SCADA and discussed what systems can be called SCADA and which ones aren't really SCADA. SCADA involves interconnected sensors and controls under central management. Not all industrial control systems (ICS) are SCADA. Electrical "Smart Meters" are really a billing system, not a remote control system, for example. The hard part of attacking SCADA and ICS isn't getting into the network - it is understanding the physical impact of various logical controls.

Speaking of Smart Meters, "The Night the Lights Went Out in Vegas" covered some of the details of Smart Meter networks. Radio communications involve either 900 MHz licensed spectrum or GPRS, with a small number of other methods like powerline RF.

"Cyberterrorism and the National Drinking Infrastructure" gave an overview of operations at a small public water district. There are a lot of fail-safe mechanisms that make it difficult to effectively attack a drinking water system. Water districts themselves are highly fragmented, meaning an attack would likely be local in scope, confined to a single municipality.

Aside from SCADA other notable topics included cyber-warfare and hardware hacking. "How to Build a Cyber Army" discussed a possible budget for a hypothetical cyber-army (North Korea was the example). Having agents embedded in the target nation's critical infrastructure is essential - remote attacks would not have their full impact without this. The final budget came out to something short of $50 million (I'm relying on memory here).

Hardware hacking included hacking WiMAX customer boxes, basics of the Arduino ("Hardware Hacking for Software Guys"), and building electronic weapons (a variant of the old Defcon "Build your own HERF gun" talk).

It wouldn't be Defcon without some controversy. Here's a short rundown:

  • A talk on Chinese cyberattacks was canceled due to objections of the Taiwanese government, ever desirous of not offending the mainland Chinese. The key speaker was a Taiwan national, so his government's request carried the day.
  • A talk on evading censorship by using Tor had one of the key speakers, affiliated with Wikileaks, detained by US authorities upon entering the country from the Netherlands. His electronics (computer, cell phone, etc.) were seized.
  • A talk on jackpotting ATMs went on as scheduled. It was pulled last year due to pressure from the presenter's employer (Juniper). He now works for IOActive, who had no objection.
  • GSM-based cell phone communication was intercepted using a mock base station built from $1500 of equipment. Lots of notices were prominently posted warning people not to use their cell phones during this time!

Lastly, one of my favorite things was the exhibit of old computer technology. A fully functioning DEC PDP-11 was featured that brought back memories of my first computing experiences.

And while I fully support the EFF, I did *not* get a mohawk, thank you.
