Malwarebytes @ DefCon

Malwarebytes @ DefCon: The Wrap-Up

As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out all of the interesting talks and presentations given by various members of the computer/intelligence security community. This blog is meant to summarize most of what we saw, giving a brief explanation of which talks we thought were the most valuable and what topics should be of the most concern to our readers and customers.

Information

Conferences such as DefCon are great for informing people about new and/or interesting topics which they might not know much about or are interested in. This is one of the great things about attending computer security conferences, since it’s possible to get a glimps into a discipline which might not be your own and increase the tools at your disposal.

Botnets Die Hard – Owned and Operated

  • Aditya K. Sood
  • Richard J. Enbody

This talk went over different types of botnets which are currently plaguing users. They went over everything from Zeus and SpyEye to new botnets emerging and being seen more and more in the wild such as Smoke and ICE-X. These botnets use a mix of pre-existing and newly discovered methods to perform their operations.

The best thing I was able to obtain from this talk were the simple and complex methods used by these newer botnets and how they can have incredible power by simply using commands over an IRC channel, a method which is not new but is definitely different from the highly sophisticated controller interfaces which accompany the likes of Zeus.

Meet the EFF

  • Kurt Opsahl
  • Marcia Hoffman
  • Hanni Fakhouri
  • Peter Eckersley
  • Eva Galperin
  • Trevor Tim

The Electronic Frontier Foundation, or EFF, is an organization which fights for the civil liberties of all computer users. They have a fleet of analysts, lawyers and thought leaders who defend free speech on the internet, fight illegal surveillance and work to ensure that the rights and freedoms we enjoy are enhanced as our technology grows, rather than being eroded.

I thought that meeting with the EFF was very interesting and reassuring since the men and women of this organization spend their time and money-making sure that we all keep the freedoms we have enjoyed up to this point. To check out more about them, make a donation or find out what you can do to help, check out their website https://www.eff.org

Ideas

DefCon is meant to not only show off ways of hacking systems or messing with people via social engineering, it’s also a great forum for thought leaders to crowd source the attendees for ideas on how to solve problems as well as inform people who can influence decisions made as far as the evolution of technology.

The Art of Cyberwar

  • Dr. Kenneth Geers

This talk reached out to the information security community to inform about the threats we face and to think about solutions in the future of cyber warfare. It touched on topics like the history of cyber warfare, with multiple cases of espionage or information disruption, tools and weapons used in these confrontations and what we as a community need to do to prepare for what the future holds.

I really enjoyed this talk because of my knowledge and personal interest in global cyber warfare but also because it directly addressed a problem which not enough people are thinking about and especially not preparing for. Dr. Geers took the principals of Sun Tzu’s “Art of War” and related them to the cyber-war arena, stating at one point that the private and public industry are not ready for a cyber-war fueled by nation states.

 Beyond the War on General Purpose Computing: What’s Inside the Box?

  • Cory Doctorow

Mr. Doctorow, a well-known blogger, spoke about how more and more the technology we purchase and own are not our property. With the use of internal security software being embedded in computers which prevent users from being able to take apart, modify, share or customize what they own, what is next? Will the advance of technology lead to hidden backdoors being built into our prosthetic limbs, cars or house?

This talk was really interesting because of the issues brought up and the call for action in informing the attendees to make a difference when concerning the development of these types of invasions. It was also very interesting to think about how far it can actually go.

Can Twitter Really Help Expose Psychopath Killers’ Traits

  • Chris Sumner
  • Randall Wald

This very interesting talk spoke about the possibility of using Twitter to identify traits of psychopath killers. The study was based upon various aspects of Psychopathy by identifying specific traits and using statistical analysis to determine if there is a correlation or not between certain patterns seen in tweets and the likelihood that a person is a psychopath. The research is still fairly fresh but seems to be a promising way of decreasing the scope in the search for current or potential killers.

Life Inside a Skinner Box: Confronting Our Future of Automated Law Enforcement

  • Gregg Conti
  • Lisa Shay

This talk discussed all of the various methods already put in place for automated law enforcement, things like black boxes in cars, speed cameras, etc. Then it considered a future where all of these devices are connected in a way that enforcement, vitiation and prosecution are all performed automatically by computer systems and how often these systems might fail us by punishing people have done nothing.

The interesting thing about this talk I found was that while I can totally see something like this happening, they went into the possibility of software being developed to predict crimes before they even happen based upon previous experiences and in-depth analysis. They spoke about how it may appear to be a benefit, the possible downsides to this type of attack could result in people being prosecuted for crimes they didn’t commit, the systems put in place being overloaded and the potential loss of jobs by removing the human factor.

No More Hooks: Trustworthy Detection of Code Integrity Attacks

  • Xeno Kovah
  • Corey Kallenberg

This talk spoke about a new method of detecting and stopping malware when it attempts to hide itself from the operating system by hooking windows API calls. It proposes developing checksums for application code to be verified by a remote server and using this method along with a time-check make it possible to detect modifications made by malware.

This method is an interesting look at a constant problem faced by malware defenders for years as malware like rootkits continue to hide their presence from security software. It is still in a development phase but it seems like a very promising method that I look forward to see being developed in the future.

Dangers

In addition to great ideas and awesome presentations, DefCon talks also hit on what kind of new technology poses a threat to the community at large or even just the average user. This is usually done to inform and education not only users but also the companies and organizations who develop software, security protocols, etc. Most times, these companies come out and fix the problem right away, usually before DefCon at all, although sometimes they don’t do it right away and presenting the findings of the researchers at talks like DefCon push those organizations into actions. That being said, here are a few things that came out at DefCon that we all might need to be on guard for.

We Have You By The Gadget

  • Mickey Shkatov
  • Toby Kohlenberg

This talk was an interesting look at a previously seen harmless part of modern Windows operating systems, gadgets. The presenters spent time explaining the ins and outs of gadgets and what they are actually capable of. They also included numerous examples of how the gadget can be used for malicious purposes.

I thought this talk was really neat because it focused on something that most of us have never thought could be malicious. They also revealed that Microsoft is aware of the problem and is working on a solution for making safer gadgets in the next iteration of Windows.

Subterfuge: The Automated Man-In-The-Middle Attack Framework

  • Matt Toussain
  • Chris Shields

One of the most concerning talks in my opinion, described a new open-source tool which can be used to easily execute a MITM attack on a target network with just a click of a button. The tool is meant for penetration testing and can easily find security holes in the network, to be patched and secured. However, in the use of the wrong hands it can be a very powerful and dangerous tool for stealing information, spreading malware and performing malicious attacks.

This talk was very cool and Subterfuge, being the tool mentioned, is incredibly powerful. However, as much as it appears to be a great tool for making networks more secure, it is also as likely to be used for malicious purposes. Currently the tool needs to be run on the physical network in question, however creating an executable payload to be used on remote systems is in the works.

Weaponizing the Windows API with Metaspoit’s Railgun

  • David ‘TheLightCosine’ Maloney

Metasploit is a framework designed for easily exploiting computer systems and gaining things like a remote shell. This talk spoke about an extension for Metasploit known as “Railgun” or what I refer to as “Malware A-la-carte.” The railgun framework allows a penetration tester or an attacker to remotely execute windows API calls on the local system just by typing them into the command line. The possibilities which this allow are astounding and range from activating and configuring a wireless network card to decrypting passwords.

I really enjoyed this talk and at the same time was frightened by this new tool. It it just another of the multiple types of tools available to people who have little to no knowledge or experience in attacking computer systems which allow them to perform complex cyber attacks.

Panels

Along with informative talks, DefCon also hosts multiple panel presentations where one or more professionals in the community will sit down and present their thoughts, ideas and answer questions for the audience. This year there were two special guests who I thought it was worth mentioning in this blog.

Bruce Schneier

Bruce Schneier is an internationally renown technologist and security guru. He spoke about things ranging from encryption to national security.

Shared Values, Shared Responsibility: General Keith Alexander

Gen. Alexander is the director of the National Security Agency, he came to DefCon to answer questions and speak about national security especially cyber security and the importance of setting aside the differences between national government and the everyday hacker in pursuit of making the internet a safer place.

Conclusion

I certainly hope that you learned a lot from this post and that you enjoyed our live-coverage of DefCon via Twitter from not only the Malwarebytes twitter account but also my own and tweets from our CEO Marcin. DefCon was a great experience and I encourage anyone who is interested in perusing a career in computer security to come out to Las Vegas to attend this conference at least once. Any occasion which bring people of all walks of life together in one place to learn, discuss and work together is incredibly valuable and necessary. Keep an eye on our blog for pictures taken from DefCon of the talks, the environment, a few pretty funny things and even the team-we hope to be able to provide the same type of coverage next year.

ABOUT THE AUTHOR

Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.