Hi all. When tor developers go on trips we commonly write a trip report afterward. My recent trip to Defcon didn’t contain anything sekrit so sending the notes I took here. If any of these presentations sound interesting to you then videos should be available later on the Defcon site.
Cheers! -Damian
PS. I was new to many of the things being presented so my notes quite likely have some inaccuracies. Don’t quote me on anything – watch it for yourself if interested.
tl;dr Only presentations related to the privacy field were…
Day 1
Las Vegas is… an unusual city. Like most people I knew I wasn’t in Kansas any more when I saw slot machines in the airport. By day the city’s not much to look at. Mostly just a bunch of dusty buildings baking in the 110 degree desert heat. But by night the whole city illuminates in neon lights making it quite a spectacle.
My first night I explored the strip and several of the larger casinos including Bally’s, Bellagio, Caesar’s Palace, and the Rio where the conference was taking place. They were… enormous. Caesar’s in particular took me almost a half hour simply to walk the length of it. Probably my favorite sight was the Bellagio fountains which had a magnificent water show choreographed to ‘Singing in the Rain’. It was very classy.
Day 2
The second day was the first of the conference and mostly consisted of two things: standing in line a couple hours for registration and introductory talks. The talks were just a single track and included…
- Wireless Security: Breaking Wireless Encryption Keys
Handshake process for WPA, WEP, and WEP2 among other things. I was still sorting out the material that I got during registration so I didn’t pay very close attention which was a pity since I could use a refresher.
- Intro to Forensics: Tools & Tactics
A very brief introduction to nmap, tcpdump, netcat, ntop, and Metasploit. Nothing new to me here though it was a nice reminder that I know less about them than I’d like. I haven’t played with them since grad school and should try them again when I get home…
- Cerebral Source Code
Presentation on social engineering. Sadly missed a large part of this one since I still hadn’t had breakfast. The QA portion that I saw was fun, mostly questions about how he’d extricate himself from various sticky situations. His answers were clever, as well as entertaining. My favorite…
Q: What would it take to have more trust in this community?
A: LSD?
- DC101: Defcon Survival
This was a panel discussion with general advice for enjoying Defcon. Mostly it boiled down to ‘you get what you put in’ which caught me a little off guard. I came here expecting to watch some talks, see Vegas, and schmooze with other conference attendees. Defcon, however, aims to be a lot more interactive than that and the organizers put a lot of effort into events that weave throughout the conference.
- HF Skiddies suck, don’t be one. Learn some basic Python.
This one made me twitch. The speaker both gave a very bad tutorial for getting started with python (who the hell fires up *Eclipse* every time they want to write python?!?) and seemed to be incoherently drunk for most of it. Mostly I spent this time reading the program.
- Hacking the Hackers: How Firm is Your Foundation
This was a long checklist of various topics the speaker thought the Defcon audience should know about, largely focused on hardware hacking since that was his specialty. Interestingly ‘TOR’ was the first thing he listed. I always wondered how that spelling persists despite our efforts to stamp it out. Considering that this conference had roughly 20,000 attendees, each of whom will pass it along I guess now I know…
- Fun with the Lockpicking Village
A few years back I read the MIT guide to lockpicking and spent a couple days practicing against my door. Since then I’ve fallen out of practice and this was a nice reminder about both the basics and a few things that I didn’t know (how bump keys work, defeating deadlatches, how to use a can of compressed air to defeat magnetic locks that allow egress traffic, etc).
The hallway track wasn’t anything too notable. Met three developers with Metasploit and someone from the security group I attended at WSU. But that was about it.
Day 3
Second day of the conference I ran into someone from Amazon Infosec. A talk I wanted to attend concerning the attack surface of near field communication (NFC) devices was full, but several of the others were interesting…
- Can You Track Me Now?
This was my favorite presentation of the whole conference. A panel of four presenters, including Chris Soghoian, discussed geolocational privacy of mobile devices including local threats, historical information, and requests for real time tracking.
Why does this matter, you ask? Because when it takes a team of agents to track your every step surveillance is costly. But when a single agent can track you and your every acquaintance from the comfort of his desk we get a whole lot closer to a 1984 style surveillance state real fast.
Sprint now has a department of 200 people to service wiretapping requests. They also provide a self-service portal to law enforcement that has been used six to seven hundred thousand times a year, for 8 million GPS coordinates. This includes your every move going back 6 months to 2 years depending on your provider. 7 years in the case of AT&T.
And no, none of this requires probable cause or a warrant. In other words, beware if your ex is a cop.
Another eye opening bit of the talk was phone encryption. Apple has a master skeleton key for all iPhone devices so, when requested, they can send law enforcement a DVD with all the contents of your phone. Android is a little different in that they remotely reset your password to something that they can give the law enforcement agent.
Beside three letter agencies, ad networks and apps are also a concern. 47 of the top 100 mobile applications send locational information to 3rd parties. For instance, ‘Best Alarm Clock’ sends locational information in the clear to 3rd parties whenever the app is used (somehow I doubt they need to do that for the alarm clock to function…).
On a policy front one slight glimmer of hope comes from a recent case which ruled that placing a GPS tracking device on your car *does* constitute a search and hence requires a warrant (which means they kinda sorta need evidence of wrongdoing, *gasp*!). Don’t read too much into this, though. The majority opinion ruled this way because it technically constituted trespassing on your property.
Just because you’re paranoid doesn’t mean they’re *not* out to get you…
- Crypto and the Cops
Marcia Hofmann from the EFF discussed 5th amendment protections and how they apply to being compelled to reveal your passphrase for an encrypted device. There have been five cases in this area so far, some that ruled each way in terms of compulsory decryption. Though not intuitive, the main determining factor in those cases constituted a gap in knowledge. If law enforcement knows exactly what they’re looking for and where it is then there’s less chance of the amendment applying than if the search is a fishing expedition. Moral of the presentation: never volunteer information, even if you’re innocent. Ask for a lawyer first.
- Making Sense of Static
Walkthrough of GPS signal acquisition, mostly focusing on how receivers account for Doppler shift and determine the code phase. The speakers also presented libswiftnav, an open source implementation of a GPS receiver system.
- Life Inside the Skinner Box
Cautionary presentation about the automation of law enforcement and where it might someday lead. This was pretty high level, discussing the societal implications.
- Anti-Forensics and Anti-Anti-Forensics
Discussion by a forensic examiner of several tricks that can draw out the length of an investigation (and by extension cost, increasing the chance of settlement). He also covered how they can be mitigated. Some of them included…
- using a non-standard RAID configuration
- randomizing file crated/modified timestamps
- altering file header types
- using restricted windows filenames (CON, PRN, AUX, etc)
- owning lots ‘o media
- modifying files provided with your system so the checksums no longer match what a default install would include (and hence adds to the haystack of things to sift through)
Before heading back for dinner I also caught part of a Skytalk. I didn’t find the presentation to be too interesting (brainstorming about mass data aggregation), but I got a chuckle from the sign on the door: “Absolutely no cameras allowed. Violaters will be violated violently.”
Day 4
I had less luck on the third day of the conference, hopping between several talks that weren’t particularly interesting. The best I found were…
- World War 3.0 – Chaos, Control, the Battle of the Net
Policy talk about Dubai’s upcoming WCIT negotiations (aka, the thing that’s gonna politicize the Internet). Most of the presentation was surprisingly fluffy, the only interesting bit coming from Dan Kaminsky who made the point that there’s generally four interests involved…
- privacy
- security
- anti-piracy
- sovereignty
… with ‘reliability’ being the golden goose that no one wants to cook. His point was simply that these four camps war and forge alliances, privacy and security for instance sometimes at odds over anonymity but thick as thieves on other obvious fronts. He also said something like “We have made a system optimized for moving pictures of cats. And it’s *really* good at it. Though we’d like it to do more.” (likely horribly misquoted)
- Exploit Archeology: Raiders of the Lost Payphone
Step by step process of reverse engineering and reprogramming an Exetel payphone. Twenty year old software from a company that imploded without a trace long, long ago. Ye gods each step turned out to be a trek to Mt. Doom and back…
- Off Grid Communication with Android
Mesh network by introducing a transparent proxy after going through the Java networking interface. He wrote something based on the ‘Wi-Fi Tether for Root Users’ app to put his phones into ad-hoc mode then tried both the OLSR and BATMAN proactive routing protocols. He also tried a reactive protocol that broadcasts messages, then left routing decisions to the receiver which can trivially pick the shortest path though this had issues scaling above 200 devices or so.
- Back Ops
My favorite talk of the day, given by Dan Kaminsky. It was originally slated for two hours, but got crunched at the last minute into a one hour slot so he went pretty fast over five different topics including…
- Timing Attacks
Attacks can distinguish 15-100 ms deltas over the Internet and 100 nanoseconds over a LAN. Making everything take an identical amount of time is generally unrealistic since it forces everything to worst case performance. His view was not to let the perfect be the enemy of the good, and simply introduce random delay into requests.
- Bad Random Number Generation
First a rant that for twenty years security engineers have worried about entropy sources, yet we still haven’t gotten it right. The common sources of entropy are: hardware RNG, keyboards, mouse, and disk rotation. However… most servers don’t have any of these, especially with the move to virtual storage devices. Roughly 1/200 keys on the Internet are poorly generated, and he proposed using idiosyncrasies in clock timing as an alternative source of randomness.
- Security Aspects of Languages
Starting with the question ‘why is PHP so damn popular?’, he discussed why secure coding practices like prepared statements often aren’t followed. His conclusion: SDEs are in charge and they just want their service to work. The more of a pita security makes itself the more it’ll be viewed as an obstruction and hence circumvented. He then proposed more usable security patterns, for instance making the languages smart enough to translate queries like “SELECT name FROM users WHERE username=$id” into the proper prepared statement counterpart.
- Censorship Detection
After a brief mention of OONI-Probe he discussed a censorship detection method of his via the use of favicons. I saw this in an earlier presentation of his and he mostly skimmed through it.
- Vulnerability Scanning
Trying to answer the question of ‘how much of the Internet is vulnerable to X’, he used *stateless* TCP connections to scan hosts far quicker than he usually could. The trick was to skip retaining any information about outbound connections, making fire-and-forget TCP handshakes and leaving it to the other end to remember the state of the connection.
Day 5
I didn’t expect much from the lineup on the last day, but some of them were surprisingly good. I also ran into a couple more people from Amazon and one from Tor.
- SIGINT and Traffic Analysis for the Rest of Us
Very good talk on APCO Project 25 (P25), two way radio communication used by police, fire departments, federal enforcement, the secret service, and the DoD. A drop-in replacement for analog FM, this was first introduced in the early 1990s. It can optionally be encrypted, with federal/DoD users commonly enabling it and police/fire leaving it off. If you see an earpiece or bulky walki-talky then this is what it’s probably using.
The speaker discussed several vulnerabilities in P25. Firstly, it uses a forward correcting protocol that is easy to jam. Usually a jammer needs to be stronger than the signal it’s jamming, but with P25 it’s sufficient to selectively block a message’s header to cause the rest of the message to be ignored. How hard is this, you ask? To cheaply jam a P25 signal you just need a $15 GirlTech IMME toy (it cost less to buy the toy than the transmitter that comes in it). As an added bonus it comes in pink or purple and comes with ponies on the box!
Second, P25 has no notion of authentication. Anyone can transmit and user ids can be trivially spoofed. The user id of transmitters are sent in the clear, even when encryption is enabled.
Third, any P25 device that receives a malformed signal will reply with the user id (again, in cleartext). This is invisible to the user and means that you can ping all P25 devices and triangulate their positions. Think of it as the “Marauder’s Map” for the secret service.
Fourth, P25 is a narrow band radio broadcast (12.5 Khz) which is fairly easy to intercept via a scanner (such as an Icom R-2500). This makes encryption a must for private communications. However, the encryption of P25 devices has several usability issues…
- Encryption is enabled or disabled via a switch on the handset. The only indication of if encryption is enabled or not is a “1” or “(/)” symbol on the handset. Which means ‘encrypted’ and which means ‘cleartext’ is evidently a common point of confusion.
- The beep that the device makes to indicate that it’s in encrypted mode is the same that’s used to indicate a low battery among other things.
- Encryption is transparent to the receiver, so if an individual in a group is broadcasting in cleartext then it’s impossible for anyone else in the group to know and correct them.
- Rekeyed P25 devices become incompatible while being rekeyed, forcing users to drop to cleartext if any of the devices haven’t yet been updated.
As a result, about 30 minutes per day of federal communications are sent in the clear. In a multi-city study on what this included researchers were able to gather the names of informants, license places of vehicles being tailed, etc. These snippets were also enough to reasonably figure out what investigations were going on at a given time.
When brought up with the federal field offices encryption rates improved for a week or so, then dropped back to their prior ratio of cleartext. The researchers also discussed these with the manufacturers, who insisted that it wasn’t their fault if their users couldn’t properly use their devices.
Btw, the only federal service to have a spotless record in terms of encrypting their communications? The US Postal Service.
- SCADA Strangelove or: How I Learned to Start Worrying and Love the Nuclear Plants
This was a talk on the security of SCADA HMI software (or lack thereof), which is used throughout several minor things like nuclear power plants. Originally to prevent plant operators from installing pong on the kiosks, HMI applications hasn’t evolved much since those humble origins. This talk was funny as hell, going over issues with several widely deployed HMI systems…
- Microsoft Bob: Early attempt at a friendly, ‘helpful’ interface. If you made three incorrect password attempts you got a dialog saying “I see you forgot your password. Please enter a new one here…”. It also stores passwords in plaintext.
- InvisiLink: Stored passwords are an xor with a static key. What is that key, you ask? “0123456789”
- KingView: Passwords simply have their last byte subtracted from 0xff.
- Iconies Genesis32 9.2.2: The login dialog includes a ‘challenge code’ that can be used as an alternative method of getting local admin access. To use this code the user is supposed to call customer service, who then provides the password corresponding with the code. Alternatively, you can take the first eight characters of the challenge code’s md4 hash to do the same.
There were also a couple talks on ‘firesheep inspired’ frontends for various exploits. The first did NTLM relaying against Windows corporate networks to allow for a variety of not-so-nice things like reading through another person’s Exchange inbox.
The second was a UI to automatically ARP poison a network then use sslstrip to snag credentials. I felt a little embarrassed for the speakers in this talk since they first tried to sensationalize what sslstrip could do. After that they claimed to have a stealthy MITM, then described the noisiest attack I can think of. Not only did they ARP poison the network and do SSL downgrading, but they did an nmap scan of every host on the network and, just for added stealthyness, blocked all tunneling protocols (ssh/vpn). The later was on the theory that “they’ll just use the local network instead”. Uggg.
So more annoying push-button solutions for script kiddies. Yay.
Ending Conclusions
Fun and interesting conference, but *damn* vegas is pricey. The trip was 1.5k and only $200 of that was the conference registration. I enjoyed it and it was a good thing to do at least once, but way too costly to do again.