We Could Be Heroes - Recon 2014
- 1. We Could Be Heroes. Eva Galperin, Global Policy Analyst,
Electronic Frontier Foundation, eva@eff.org, @evacide
- 2. No, really. Big damn heroes.
- 3. Ok, more like this
- 4. In the beginning, there were kittens
- 5. Activists are vulnerable
- 6. Meanwhile, in Syria
- 7. The stakes are high
- 8. February 2011, Syria unbans Facebook
- 9. Anti-Dissident Campaign Civil Unrest Begins January 26, 2011
Anti-Dissident Operations Discovered Fake YouTube [Deliver Malware]
[Phishing] 2012 CNN Reporting Skype [Deliver Malware] Fake Facebook
Deliver Malware
- 10. Phish All The Things
- 11. Phish All The Things
- 12. Phish All The Things
- 13. Phish All The Things
- 14. Phish All The Things
- 15. Phish All The Things
- 16. Phish All The Things Head of Syrian opposition...
- 17. Fake Revolutionary Plans
- 18. Zero-Hour Plan for Aleppo
- 19. I've got a little list
- 20. A message from Sheikh Adnan
- 21. Encription... can haz?
- 22. Encription... can haz?
- 23. Anti Hacker
- 24. Anti Hacker
- 25. They're ba-ack
- 26. Hijacked Facebook Group
- 27. A very bad day of malware analysis
- 28. False Flag
- 29. alosh66. Domains: alosh66.no-ip.info, alosh66.myftp.org,
alosh66.servecounterstrike.net, alosh66.linkpc.net. Distinguishing
feature: Predictable C2 domain naming convention. Tools: DarkComet
RAT, BlackShades RAT.
- 30. Attacks. March 2012: Fake YouTube website, YouTube credential
phishing, DarkComet RAT. June/July 2012: Skype phishing, BlackShades
RAT. August 2012: Facebook phishing, BlackShades RAT.
- 31. Dot28 Gang. Domain: meroo.no-ip.org. Distinguishing feature:
Repeated use of 216.6.0.28 as C2. Tools: DarkComet RAT, Xtreme
RAT.
- 32. Dot28 Gang. Operating from November 2012 to present.
Campaigns: Zero hour plan for the city of Aleppo; Plans for a
revolutionary high council; Skype encryption program; Anti-Hacker
application; Names of some militants in Syria and abroad who are
wanted by the Syrian regime.
- 33. Dot28 Gang. 30+ DarkComet RAT samples connecting to
216.6.0.28; 1 Xtreme RAT sample connecting to 216.6.0.28; C&C
stayed up during Internet blackout in Syria.
- 34. Syrian students getting savvy
- 35. DarkcoderSc
- 36. Tools & Actors
- 37. Good morning Vietnam
- 38. Le Quoc Quan
- 39. Dieu Cay
- 40. Ceiling cat sez u want free flights and hotels nao?
- 41. Attacks on Vietnamese bloggers
- 42. Ethiopia: One Step Beyond
- 43. Thanks, Snowden
- 44. The game is afoot!
- 45. "The current Ethiopian government has a well-documented
history of human rights violations against anyone it sees as
political opponents. Here, it wiretapped a United States citizen on
United States soil in an apparent attempt to obtain information
about members of the Ethiopian diaspora who have been critical of
their former government. U.S. laws protect Americans from this type
of unauthorized electronic spying, regardless of who is
responsible." EFF Staff attorney Nate Cardozo
- 46. Meanwhile, in the UK
- 47. Thanks! Many thanks to: John Adams, Morgan Marquis-Boire,
Bill Marczak, Cooper Quintin, Cindy Cohn, Nate Cardozo, Citizen
Lab, and Privacy International. Heroes and rock stars.