Different governmental uses for malware - Black Hat | Home · 2015-05-28
• Different governmental uses for malware
• Law Enforcement
• Espionage
• Surveillance
• Sabotage
• Warfare
Protecting the irreplaceable | f-secure.com
CosmicDuke
Masking "file.scr"
• rcs.Заказ.doc
• rcs.18.jpg
• rcs.DSC_1365527283.jpg
CVE-2011-0611
CosmicDuke remnants
• c:\botgenstudio\generations\8f1777b0\bin\Bot.pdb
• d:\production\nitro\sva\generations\809113dd\bin\Bot.pdb
• d:\sva\nitro\botgenstudio\interface\generations\80ddfcc1\bin\Bot.pdb
• D:\PRODUCTION\NITRO\KSK\Generations\70BCDEA1\bin\Bot.pdb
• C:\Projects\NEMESIS\nemesis-gemina\nemesis\bin\carriers\ezlzma_x86_exe.pdb
Havex
Agent.BTZ / Turla / Snake / Uroburos
Turla
Agent.BTZ
Developer Signatures
$Id: event.c 14097 2010-11-01 14:46:27Z gilg $
$Id: mime64.c 12892 2010-06-24 14:31:59Z vlad $
$Id: named_mutex.c 15594 2011-03-18 08:04:09Z gilg $
$Id: nt.c 20719 2012-12-05 12:31:20Z gilg $
$Id: ntsystem.c 19662 2012-07-09 13:17:17Z gilg $
$Id: snake_config.c 5204 2007-01-04 10:28:19Z vlad $
6es7-315-2 / 6es7-417
"There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was the American band AC/DC, Thunderstruck. It was all very strange and happened very quickly. The attackers also managed to gain root access to the machine they entered from and removed all the logs."
Gauss encryption

```asm
; Irvine32-style MASM routine shown on the slide: each source byte is XORed with
; the constant ACDC and then bitwise NOTed. tToCrypt, tEncrypt, tOutEncr and
; ACDC are assumed to be defined in the .data segment; WriteString and Crlf
; come from the Irvine32 library.
mov ecx, (LENGTHOF tToCrypt)-1   ; byte count, excluding the terminating null
mov edx, OFFSET tToCrypt         ; source buffer
mov ebx, OFFSET tEncrypt         ; destination buffer
L1:
mov eax, [edx]                   ; note: loads a dword while the loop steps one byte,
xor eax, ACDC                    ; so successive stores overlap (kept as on the slide)
not eax
mov [ebx], eax
inc edx
inc ebx
loop L1
mov edx, OFFSET tOutEncr         ; print the label, then the transformed buffer
call WriteString
mov edx, OFFSET tEncrypt
call WriteString
call Crlf
ret
```
FinFly
UAE, Bahrain, Saudi Arabia, Syria…
• Finfisher (Gamma)
• RCS (Hacking Team)
• DarkComet
• BlackShades
• Xtreme RAT
• Spynet
Image Source: When Governments Hack Opponents: A Look at Actors and Technology, Citizen Lab + ICSI
Hacker Units inside UKUSA intelligence agencies
JTRIG
THE EYES
• FIVE EYES: USA, UK, Canada, Australia, New Zealand
• NINE EYES: Five Eyes + Denmark, Norway, The Netherlands and France
• FOURTEEN EYES: Nine Eyes + Sweden, Germany, Belgium, Italy and Spain
• free brokep
FREE Peter Sunde
Geneva Convention
"Legitimate military targets are limited to those objects which by their nature make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage"
Please fill in your feedback form if you have nice things to say. Otherwise, never mind.
Thank You