Let's Go To The Movies

  • Published on
    08-Apr-2017

Transcript

<ul><li><p>Let's Go To The Movies: Introduction to Cybersecurity</p>
<p>Dennis M. Allen https://www.linkedin.com/in/dennis-m-allen-cissp-a709724</p></li>
<li><p>NOW SHOWING</p></li>
<li><p>WarGames 1983</p>
<p>© 1983 Metro-Goldwyn-Mayer Studios Inc. All Rights Reserved. http://www.imdb.com/title/tt0086567</p>
<p>PG</p>
<p>Cybersecurity Elements</p>
<p>0:10:36 - 0:13:45 Take the men out of the loop, WOPR, big data, war gaming</p>
<p>0:17:35 - 0:17:55 Password insecurity</p>
<p>0:20:20 - 0:22:15 Old school tech, grade tampering</p>
<p>0:24:25 - 0:25:30 War dialing, Saul's fish market</p>
<p>0:26:14 - 0:30:17 War dialing (Bank, PanAm, Games)</p>
<p>0:32:30 - 0:33:40 Mr. Potatohead, back doors are not secrets!</p>
<p>0:38:28 - 0:45:35 Unauthorized access, Artificial Intelligence, Global Thermonuclear War, Operations Centers</p>
<p>1:03:47 - 1:06:10 Physical security and tone hacking</p>
<p>1:11:28 - 1:12:45 Payphone hacking</p></li>
<li><p>Sneakers 1992</p>
<p>http://www.imdb.com/title/tt0105435 © 1992 Universal Pictures Studios, Inc. All Rights Reserved.</p>
<p>PG-13</p>
<p>Cybersecurity Elements</p>
<p>0:01:45 - 0:03:05 Wire Fraud</p>
<p>0:05:15 - 0:10:58 Penetration Testing including social engineering &amp; physical security: Your communication lines are vulnerable, fire exits need to be monitored, and your rent-a-cops are a tad undertrained</p>
<p>0:11:38 - 0:14:20 Government hired hackers</p>
<p>0:25:20 - 0:30:51 Reconnaissance, shoulder surfing, security bypass with cake &amp; balloons</p>
<p>0:39:39 - 0:46:30 Electronics hacking, unauthorized access, code breaking</p>
<p>1:21:27 - 1:22:54 Dumpster diving, trash analysis</p>
<p>1:27:34 - 1:41:06 Security control bypass (guard, cameras, voice authentication, etc.), failure to review the security log!</p></li>
<li><p>Hackers 1995</p>
<p>http://www.imdb.com/title/tt0113243 © 1995 UNITED ARTISTS PICTURES INC. ALL RIGHTS RESERVED</p>
<p>PG-13</p>
<p>Cybersecurity Elements</p>
<p>0:04:33 - 0:08:33 Social engineering (skip the war dialing), hacking a TV station</p>
<p>0:13:34 - 0:15:02 Student record modification, and hacker handles, poor Joey</p>
<p>0:18:53 - 0:20:02 Late night hacking, Sprinkler test</p>
<p>0:22:40 - 0:25:40 1984, Rainbow Books, Common Passwords &amp; Attack methodology?</p>
<p>0:25:42 - 0:29:29 Joey hacks the Gibson as God and downloads some Garbage</p>
<p>0:31:13 - 0:31:18 Hack the planet, Tone hacking with Razor and Blade</p>
<p>0:33:00 - 0:33:40 USS collection and Interview, These people are terrorists</p></li>
<li><p>The Net 1995</p>
<p>http://www.imdb.com/title/tt0113957 © 1995 Columbia Pictures Industries, Inc. All Rights Reserved.</p>
<p>PG-13</p>
<p>Cybersecurity Elements</p>
<p>0:03:38 - 0:05:14 Malware Analysis, Assembly Lang.</p>
<p>0:11:30 - 0:13:16 Clean versus Analyze?</p>
<p>0:14:17 - 0:15:06 Airplane navigation hacked</p>
<p>0:15:45 - 0:16:20 Runtime analysis, talent recruiting</p>
<p>0:17:22 - 0:17:56 Airport computer malfunction</p>
<p>0:19:00 - 0:20:50 Beach computing, Social Engineering</p>
<p>0:39:22 - 0:40:45 Identity manipulation</p>
<p>0:48:02 - 0:48:29 Cell phone tracking and triangulation</p>
<p>0:55:00 - 0:57:02 International ISP, unauthorized system access, IP attribution, medical records</p>
<p>0:57:28 - 0:59:29 Chat user attribution and recruiting</p>
<p>1:20:55 - 1:22:04 False sense of security from software</p>
<p>1:30:53 - 1:37:36 Physical security, Social Engineering, Terminal Echo, Command and Control App, Attribution</p>
<p>1:42:00 - 1:45:00 Hacking from RSA or MacWorld?
</p></li>
<li><p>Track Down / Takedown 2000</p>
<p>http://www.imdb.com/title/tt0159784</p>
<p>R</p>
<p>© 2000 Dimension Films (presents) Millennium Films (in association with) Hacker Productions (copyright owner)</p>
<p>Cybersecurity Elements</p>
<p>0:03:12 - 0:04:31 1st Meeting with undercover LE</p>
<p>0:05:50 - 0:06:53 Social Engineering for serial number and manufacturer info</p>
<p>0:07:22 - 0:08:45 Social Engineering for specs and docs</p>
<p>0:09:11 - 0:10:22 Switched Access Services S.A.S., Telephone monitoring service for LE?</p>
<p>0:14:15 - 0:15:58 Mitnick Article</p>
<p>0:20:57 - 0:23:07 Rollerblading in a data center, Challenge accepted!</p>
<p>0:24:35 - 0:26:17 Stealing Nokitel code and deleting files (backups?)</p>
<p>0:27:23 - 0:27:42 Tape recorder tone dialing</p>
<p>0:28:55 - 0:30:25 Contempt virus</p>
<p>0:33:14 - 0:35:02 Messing with Agent Gibson (Water, Gas, Power)</p>
<p>0:35:51 - 0:39:01 Tsutomu Shimomura - Investigation (connections, firewalls, modems, log files)</p>
<p>0:47:17 - 0:49:03 CellularOne investigation, hijacking cell phones, cloning cards, signal tracking</p>
<p>1:01:05 - 1:03:52 Dumpster diving, Social Engineering and using University computing resources</p>
<p>1:04:50 - 1:07:42 ISP (Netcom) and identifying last hop (real PoP)</p>
<p>1:08:40 - 1:09:55 Civilian investigation, What can we do?</p>
<p>1:10:22 - 1:14:13 Social Engineering and using University computing</p>
<p>1:16:23 - 1:18:07 Trolling/Cell scope/War driving</p>
<p>1:26:17 - 1:26:42 Packet Capture to recover lost files on final upload</p></li>
<li><p>Antitrust 2001</p>
<p>http://www.imdb.com/title/tt0218817 METRO-GOLDWYN-MAYER PICTURES INC. (2001)</p>
<p>PG-13</p>
<p>Cybersecurity Elements</p>
<p>0:00:20 - 0:03:35 Programming, First Mover Advantage</p>
<p>0:03:40 - 0:05:00 The Garage Business</p>
<p>0:09:36 - 0:19:00 Smart Home</p>
<p>0:10:10 - 0:10:34 Open Source/Free v. Software Business</p>
<p>0:11:35 - 0:12:58 Synapse architecture, backdoors, etc.</p>
<p>0:16:08 - 0:17:04 Government recruiting (42K and a Buick)</p>
<p>0:18:26 - 0:18:45 Security briefing</p>
<p>0:20:00 - 0:21:10 Programmer swag, The Egg</p>
<p>0:44:10 - 0:48:35 Tailgating, Building and Badge Security, Unlocked terminal with privileged access (Printed badge, altered security feeds)</p>
<p>0:49:40 - 1:00:24 Milo snooping, No multi-factor!!!!!!</p>
<p>0:54:00 - 1:00:24 Very detailed NURV employee database, Good ol' Linux CLI</p>
<p>1:27:39 Vehicle Tracking System</p>
<p>1:29:20 - 1:40:00 Milo versus Gary and who can access the Satellites faster, Release of Synapse source code to the world</p>
<p>Other interesting points:</p>
<p>Social Engineering to get an invite to the Art Museum Benefit</p>
<p>Several Java code and compilation examples throughout</p></li>
<li><p>http://www.imdb.com/title/tt0244244</p>
<p>Swordfish 2001</p>
<p>© 2001 Village Roadshow Films (BVI) Limited. All rights reserved.</p>
<p>R</p>
<p>Cybersecurity Elements</p>
<p>0:27:00 - 0:30:00 Performance Based Interview</p>
<p>0:51:40 - 0:53:00 Stashing worm generator code on an Internet accessible PDP-10</p>
<p>0:55:05 - 0:57:10 Creating the Hydra. Terrible, yet spectacular.</p>
<p>Other interesting points:</p>
<p>Ironically, the movie starts by stressing the importance of realism in movies</p>
<p>Bad guys and good guys recruiting the same talent</p>
<p>Computer facilitated crime funding terrorists</p>
<p>To be clear: the technology is terrible!</p></li>
<li><p>Firewall 2006</p>
<p>http://www.imdb.com/title/tt0408345 © 2006 Warner Bros. Entertainment Inc. © 2006 Village Roadshow (BMI) Limited.
All rights reserved</p>
<p>PG-13</p>
<p>Cybersecurity Elements</p>
<p>0:07:02 - 0:07:33 Wireshark and Cisco ACLs (kinda)</p>
<p>0:07:50 - 0:09:00 Boardroom and CISO challenges</p>
<p>0:10:42 - 0:11:15 ID Theft and dumpster diving</p>
<p>0:53:00 - 0:55:54 Building the scanner</p>
<p>0:58:07 - 1:01:52 Navigating the Data Center</p>
<p>1:02:50 - 1:08:08 Cat &amp; Mouse (Catching an insider)</p>
<p>1:29:19 - 1:30:08 PET-NAV 3000</p></li>
<li><p>Untraceable 2008</p>
<p>http://www.imdb.com/title/tt0880578 © 2008 Lakeshore Entertainment Group LLC. All Rights Reserved.</p>
<p>R</p>
<p>Cybersecurity Elements</p>
<p>0:03:40 - 0:06:14 FBI Cyber tradecraft: Chats, Honeypots, Virtual machines, Fake data, Hack back authority?, Attribution</p>
<p>0:14:52 - 0:15:46 IP black holing, Fast flux DNS, Russian hosting, botnets of compromised hosts</p>
<p>0:56:52 - 0:57:05 Horsez Trojan RAT, unauthorized network access</p>
<p>1:22:20 - 1:23:20 Automobile hacking</p></li>
<li><p>Blackhat 2015</p>
<p>http://www.imdb.com/title/tt2717822 © 2015 Universal Studios. All Rights Reserved</p>
<p>R</p>
<p>Cybersecurity Elements</p>
<p>0:01:28 - 0:06:03 Cooling system failure in 8 nuclear reactors, STUXNET-ish (about 1 min is good)</p>
<p>0:07:49 - 0:08:15 Thor's prison phone/attack tool</p>
<p>0:09:02 - 0:10:15 RAT malware discussion (in Chinese). Motivations. Collaboration with FBI?</p>
<p>0:10:22 - 0:11:18 Profiling and discussion about Nation-state cyber</p>
<p>0:11:25 - 0:12:03 Initial code analysis with some key pounding</p>
<p>0:13:50 - 0:18:00 Run up on Soy, Different authors for the RAT and the payload, Justifying use of a blackhat</p>
<p>0:23:38 - 0:25:30 Datacenter, fancy language, thumb print key fob, a little CLI, insider threat</p>
<p>0:25:30 - 0:26:30 Some more code analysis, and discussion for motives</p>
<p>0:31:00 - 0:31:50 Little bit of forensics (WRT hardware, TOR, chat/email history, impersonation)</p>
<p>0:39:48 - 0:41:00 Whois lookups and a little CLI from ghostman</p>
<p>0:48:16 - 0:54:40 Tracking the money mules and a little bluetooth signals tracking, GPG, 512-bit encryption</p>
<p>1:09:19 - 1:14:00 HD recovery from the hot zone, snippets of malware in memory, access Black Widow</p>
<p>1:14:45 - 1:15:15 Plausible deniability</p>
<p>1:16:11 - 1:17:32 Spear Phishing NSA with a malicious PDF/keylogger, Internet accessible systems, EtherApe?</p>
<p>1:18:18 - 1:18:59 Bulletproof hosting in Indonesia from hard drive recovery, some missing steps though</p>
<p>1:19:30 - 1:19:58 Hi resolution satellite imagery</p>
<p>1:37:07 - 1:39:00 Physical recon/security, same model pump controlled by the same model PLC, motivation reveal</p>
<p>1:42:00 - 1:43:45 Compromising the data center (with a car), physical access is key, more CLI to image hard drives</p>
<p>1:43:46 - 1:44:10 Malware source code analysis</p>
<p>1:45:38 - 1:47:05 Social Engineering, Removable media, Waiting for your shell, pivoting to banking apps</p>
<p>1:47:13 - 1:47:52 SSH and CLI trash talking, Linux command write</p>
<p>1:52:29 - 1:54:00 Fight hacking</p></li>
<li><p>Real Genius (1985), http://www.imdb.com/title/tt0089886</p>
<p>Pirates of Silicon Valley (1999), http://www.imdb.com/title/tt0168122</p>
<p>The Italian Job (2003), http://www.imdb.com/title/tt0317740</p>
<p>The Matrix Reloaded (2003), http://www.imdb.com/title/tt0234215</p>
<p>The Bourne Ultimatum (2007), http://www.imdb.com/title/tt0440963</p>
<p>
Live Free or Die Hard (2007), http://www.imdb.com/title/tt0337978</p>
<p>The Girl with the Dragon Tattoo (2009), http://www.imdb.com/title/tt1132620</p>
<p>The Social Network (2010), http://www.imdb.com/title/tt1285016</p>
<p>Tron Legacy (2011), http://www.imdb.com/title/tt1104001</p>
<p>Code 2600 (2011), http://www.imdb.com/title/tt1830538</p>
<p>Skyfall (2012), http://www.imdb.com/title/tt1074638</p>
<p>The Internship (2013), http://www.imdb.com/title/tt2234155</p>
<p>The Imitation Game (2014), http://www.imdb.com/title/tt2084970</p>
<p>At the Dollar Cinema</p></li>
<li><p>Verizon Data Breach Report, http://www.verizonenterprise.com/DBIR</p>
<p>FBI Cyber Most Wanted, http://www.fbi.gov/wanted/cyber</p>
<p>Digital Carjackers Show Off New Attacks, https://www.youtube.com/watch?v=oqe6S6m73Zw</p>
<p>NMAP in the movies, http://nmap.org/movies</p>
<p>Bureau of Justice Statistics, http://www.bjs.gov/index.cfm?ty=tp&amp;tid=42</p>
<p>Operation Get Rich or Die Trying, http://www.hulu.com/watch/420138</p>
<p>FBI Warns of Cyber Terror, http://freebeacon.com/national-security/fbi-warns-of-anti-israel-cyber-attacks</p>
<p>Hackers Breach Major Law Enforcement Portal, https://www.identityforce.com/blog/hackers-breach-law-enforcement-portal-leo-gov</p>
<p>PBS NOVA Rise of the Hackers, http://www.pbs.org/wgbh/nova/tech/rise-of-the-hackers.html</p>
<p>The first Nation-state cyber weapon? http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet</p>
<p>Nasdaq hacked, http://www.bloomberg.com/bw/articles/2014-07-17/how-russian-hackers-stole-the-nasdaq</p>
<p>Kevin Mitnick now selling 0-days, http://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits</p>
<p>An Outlaw in Cyberspace, http://www.nytimes.com/1996/02/04/books/an-outlaw-in-cyberspace.html?pagewanted=all</p>
<p>Vulnerable Critical Infrastructure, http://www.forbes.com/sites/realspin/2014/11/11/americas-critical-infrastructure-is-vulnerable-to-cyber-attacks</p>
<p>Hackers successfully ground 1,400 passengers, http://www.cnn.com/2015/06/22/politics/lot-polish-airlines-hackers-ground-planes/</p>
<p>Southwest: No evidence hackers caused flight delays, http://thehill.com/policy/cybersecurity/256676-southwest-no-evidence-hackers-caused-flight-delays</p>
<p>Grade Tampering, http://www.nbclosangeles.com/news/local/Corona-del-Mar-High-School-Cheating-Hacking-Scandal-Tutor-242423361.html</p>
<p>GPS Tracking, http://www.pettracker.com</p>
<p>Movie mistakes and trivia, http://www.moviemistakes.com</p>
<p>Other Things to Check Out</p></li>
<li><p>Encore?</p></li>
<li><p>NetSmartz Workshop, http://www.netsmartz.org</p>
<p>FBI Cyber Surf Islands, https://sos.fbi.gov</p>
<p>CIA Kids Zone, https://www.cia.gov/kids-page</p>
<p>The Carnegie Cadets: MySecureCyberspace, http://www.carnegiecyberacademy.com</p>
<p>CyberCIEGE, http://cisr.nps.edu/cyberciege</p>
<p>Control-Alt-Hack, http://www.controlalthack.com</p>
<p>Cyber Awareness Challenge, http://iase.disa.mil/eta/cyberchallenge/launchPage.htm</p>
<p>OnGuardOnline.gov, http://www.onguardonline.gov</p>
<p>PBS Nova Cybersecurity Lab, http://www.pbs.org/wgbh/nova/labs/lab/cyber</p>
<p>Using Video Games to Prepare the Next Generation Cyber Warriors, http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=442338</p>
<p>Games</p></li>
<li><p>Cyber-Fiction</p>
<p>Jeff Aiken Novels: Zero Day by Mark Russinovich and Howard Schmidt (Aug 2012); Trojan Horse by Mark Russinovich and Kevin Mitnick (Sep 2012); Rogue Code by Mark Russinovich (May 2014)</p>
<p>Stealing the Network: How to Own the Box by Ryan Russell and others (May 2003); How to Own a Continent by FX and others (May 2004); How to Own an Identity by Ryan Russell and others (May 2005); How to Own a Shadow by Johnny Long and others (Feb 2007)</p>
<p>Non-Fiction</p>
<p>The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, Cliff Stoll</p>
<p>Cyber War: The Next Threat to National Security and What to Do About It, Robert K. Knake</p>
<p>Spam Nation: The Inside Story of Organized Cybercrime from Global Epidemic to Your Front Door by Brian Krebs</p>
<p>America the Vulnerable: New Technology and the Next Threat to National Security by Joel Brenner</p>
<p>
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen</p>
<p>Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter</p>
<p>Books</p></li>
<li><p>National Initiative for Cybersecurity Careers and Studies, http://niccs.us-cert.gov; Competitions, http://niccs.us-cert.gov/training/tc/search/cmp/new; Games &amp; Programming, http://niccs.us-cert.gov/education/cyber-games-and-programming; Camps and Clubs, http://niccs.us-cert.gov/education/cyber-camps-clubs</p>
<p>University Examples: Carnegie Mellon PicoCTF, https://picoctf.com; Rochester Institute of Technology CPTC, http://cptc.csec.rit.edu</p>
<p>SANS Institute: NetWars, https://www.sans.org/netwars/; CyberAces, http://cyberaces.org</p>
<p>Other Challenges: http://www.nationalccdc.org, http://www.cyberaces.org/competitions/, http://www.uscyberchallenge.org</p>
<p>Hacker Challenges (Ed Skoudis), http://www.counterhack.net/Counter_Hack/Challenges.html</p>
<p>Competitions</p></li>
<li><p>Scholarship for Service, https://www.sfs.opm.gov/StudFAQ.aspx</p>
<p>National Centers of Academic Excellence in Information Assurance/Cyber Defense, https://www.nsa.gov/ia/academic_outreach/nat_cae/</p>
<p>Professional Organizations</p>
<p>https://www.rocissa.org</p>
<p>https://www.owasp.org/index.php/Rochester</p>
<p>http://www.isaca.org/chapters11/Western-New-York</p>
<p>Training, Education &amp; Awareness</p></li>
<li><p>The 10 Most Notorious Hackers of All Time! (8:19) https://www.youtube.com/watch?v=-XpPEmcnKCk</p>
<p>5 Most Dangerous Hackers Of All Time (4:31) https://www.youtube.com/watch?v=7UaPL5PGywo</p>
<p>The Secret International Cyber War Dividing Nations (42:17) https://www.youtube.com/watch?v=zAS-agcQqEk</p>
<p>25 Biggest Cyber Attacks in History (14:07) https://www.youtube.com/watch?v=Zl_BQoJqClM</p>
<p>Operation Get Rich or Die Trying (43:21) http://www.hulu.com/watch/420138</p>
<p>YouTube &amp; Hulu Must Watch</p></li>
<li><p>ITFreeTraining, http://www.youtube.com/user/itfreetraining</p>
<p>itTaster, http://www.youtube.com/user/ittaster</p>
<p>Professor Messer, https://www.youtube.com/u...</p></li></ul>