Case File: efta-01735540
Date: Unknown
Source: DOJ Data Set 10
Reference: efta-01735540
Pages: 27
Persons: 0
Extracted Text (OCR): Text extracted via OCR from the original document. May contain errors from the scanning process.
The Board Room guide to hacking
"GET YOUR FACTS FIRST, T… DISTORT THEM AS YOU P…" MARK TWAIN
Are you compromised?
Yes
Why is everyone compromised?
1. Your network is a replicable monoculture
2. Compromising is a one-way street: You can't "uncompromise" something
3. The internet and your network are a graph of trust: compromising is viral and exponential
4. Your defense is reactive and slow; it must be proactive and fast
Monoculture
• The attacker can download the same software you have and attack it until he finds a way in.
• An attacker can replicate an almost-exact copy of your machine and go at it until he finds an "in"
• Once the attacker is on a machine he can experiment and explore the trusted neighbors until he finds an "in"
"Un-compromise"-able
• A maxim: there's always a deep enough level in a machine that is not defended/defendable
• It used to be the kernel, now it's the BIOS, the firmware, the hardware, the secret co-processor, you name it
• You can't "un-compromise" because it's impossible to know what's compromised
Graphs of trust
• A lot of security today happens at the "perimeter": once you're in, it's game over. This is called "lateral movement"
• Implicit trust: we trust somebody else's servers to download executables, we trust certificate authorities' keys, we trust our partners' servers
• This means that your threat model is in large part outside of your control
Reactive and slow
• Most security tools today work by identifying an attack somewhere else and then trying to protect everyone else
• This is reactive in nature and ineffective: most attacks stay latent for a very long time
• Even with almost-real-time detection, the attacker needs to beat you at the race just once
The recursive guide to compromise anything
1. Compromise a machine (exploit, social engineering, backdoor, physical access)
2. The maxim: there's always a deep enough level in a machine that is not defended/defendable. Go there and stay put
3. For every node in the graph that trusts your machine, go to 1 and be fast
Digital immune system
• We have the technology to build 80% of the digital immune system
• We need network effects and board-level decisions to make the remaining 20% true
• This will not solve computer security but it will move it ahead by a lot
"Shape-shifting" software
• No two copies of the same app (kernel, firmware, etc.) should behave the same way at the micro level
• Code should adapt to its users/owners, and detect and log anomalous behavior on a distributed ledger
"Accountability breeds response-ability." - Stephen Covey
Code Signing
• Every piece of code that is executed on a machine should be signed by a trusted entity
• We can't trust a single company/machine: create a distributed ledger of valid signatures for every piece of code
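A sketch of the "no single trusted entity" idea from this slide, added here as an example and not taken from the original deck: code may run only if a quorum of independent, hash-chained ledgers lists its digest. It records SHA-256 digests in place of real signatures (the slide names no signature scheme), and the operator names, quorum size and sample artifacts are assumptions.

```python
import hashlib

GENESIS = "0" * 64

def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()

def link(prev: str, code_digest: str) -> str:
    return hashlib.sha256((prev + code_digest).encode()).hexdigest()

class Ledger:
    """Append-only, hash-chained record of approved code digests (one per operator)."""
    def __init__(self, operator: str):
        self.operator = operator
        self.entries = []  # list of (code_digest, chain_hash)

    def append(self, code_digest: str) -> None:
        prev = self.entries[-1][1] if self.entries else GENESIS
        self.entries.append((code_digest, link(prev, code_digest)))

    def intact(self) -> bool:
        # Recompute the chain; an entry edited in place no longer matches its hash.
        prev = GENESIS
        for code_digest, chain_hash in self.entries:
            if link(prev, code_digest) != chain_hash:
                return False
            prev = chain_hash
        return True

    def approves(self, code_digest: str) -> bool:
        return self.intact() and any(d == code_digest for d, _ in self.entries)

def may_execute(code: bytes, ledgers, quorum: int) -> bool:
    """Allow execution only if at least `quorum` independent ledgers approve the digest."""
    return sum(1 for l in ledgers if l.approves(digest(code))) >= quorum

def demo() -> dict:
    good = b"print('payroll v1')"            # constructed sample artifact
    tampered = good + b"  # extra code"      # constructed modified build
    ledgers = [Ledger(n) for n in ("vendor", "auditor", "customer")]  # hypothetical operators
    for ledger in ledgers:
        ledger.append(digest(good))
    ledgers[0].append(digest(tampered))      # a single operator approves the modified build
    out = {"good": may_execute(good, ledgers, 2), "tampered": may_execute(tampered, ledgers, 2)}
    # Rewriting history in one ledger breaks its chain, so that ledger stops counting.
    ledgers[1].entries[0] = (digest(tampered), ledgers[1].entries[0][1])
    out["auditor_intact"] = ledgers[1].intact()
    out["tampered_after_rewrite"] = may_execute(tampered, ledgers, 2)
    return out
```

One operator vouching for the modified build is not enough to reach the quorum of two, and a ledger whose history was edited in place is excluded from the count.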
Self-destructing machines
• Every machine should have a "known-good" state to revert to
• Every time a machine is thought to be compromised it should be destroyed immediately and reverted back to the "known-good" state
Adaptive network structure
• The trusting neighbors of a machine must be able to shut down communication with the allegedly compromised machine
• The trusting neighbors should be able to adapt their network topology to use a mirror copy of the compromised machine
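The "Graphs of trust" and "Adaptive network structure" slides, modeled as an added example that is not part of the original deck: it measures how far a suspect machine's trust reaches, then rewires its neighbors to a mirror so the suspect reaches nothing. The host names and trust edges are constructed for illustration.

```python
from collections import deque

# Constructed trust graph: TRUSTED_BY[a] lists the machines that trust `a`,
# so trouble on `a` can spread along those edges.
TRUSTED_BY = {
    "laptop": ["fileserver", "ci"],
    "ci": ["prod-web", "prod-db"],
    "fileserver": ["backup"],
    "prod-web": ["prod-db"],
    "prod-db": [],
    "backup": [],
}

def blast_radius(graph, start):
    """Every machine reachable by following trust edges outward from `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def rank_by_exposure(graph):
    """Machines ordered by how many others sit inside their blast radius."""
    return sorted(((n, len(blast_radius(graph, n))) for n in graph),
                  key=lambda pair: -pair[1])

def quarantine(graph, suspect, mirror):
    """Drop `suspect` from the graph and give its place to a known-good mirror."""
    rewired = {}
    for node, trusters in graph.items():
        if node == suspect:
            continue  # nobody trusts the suspect any more
        rewired[node] = [mirror if t == suspect else t for t in trusters]
    rewired[mirror] = list(graph[suspect])  # mirror serves the same neighbors
    return rewired

def demo():
    after = quarantine(TRUSTED_BY, "ci", "ci-mirror")
    return {
        "before": blast_radius(TRUSTED_BY, "ci"),
        "suspect_after": blast_radius(after, "ci"),
        "mirror_after": blast_radius(after, "ci-mirror"),
        "most_exposed": rank_by_exposure(TRUSTED_BY)[0],
    }
```

The ranking shows which machine deserves the fastest isolation path: here the laptop, whose trust edges reach every other host.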
The AI future
• In the future a lot of offensive security will be AI/ML-driven
• In the future security will be much faster and much more complicated
• We can't have proper defense against that without these building blocks
Q&A