Case File
Date
Unknown
Source
DOJ Data Set 10
Reference
efta-efta01735540
Pages
0
Persons
0
Integrity
No Hash Available
Extracted Text (OCR)
Text extracted via OCR from the original document. May contain errors from the scanning process.
The Board Room guide to hacking
EFTA01735540
"GET YOUR FACTS FIRST, T[…] DISTORT THEM AS YOU P[…]"
MARK TWAIN
Are you compromised?
Yes
Why is everyone compromised?
1. Your network is a replicable monoculture
2. Compromising is a one-way street: you can't "uncompromise" something
3. The internet and your network are a graph of trust: compromising is viral and exponential
4. Your defense is reactive and slow; it must be proactive and fast
Monoculture
• The attacker can download the same software you have and attack it until he finds a way in.
• An attacker can replicate an almost-exact copy of your machine and go at it until he finds an "in".
• Once the attacker is on a machine, he can experiment and explore the trusted neighbors until he finds an "in".
"Un-compromise"-able
• A maxim: there's always a deep enough level in a machine that is not defended/defendable
• It used to be the kernel; now it's the BIOS, the firmware, the hardware, the secret co-processor, you name it
• You can't "un-compromise" because it's impossible to know what's compromised
Graphs of trust
• A lot of security today happens at the "perimeter": once you're in, it's game over. This is called "lateral movement"
• Implicit trust: we trust somebody else's servers to download executables, we trust certificate authorities' keys, we trust our partners' servers
• This means that your threat model is in large part outside of your control
Reactive and slow
• Most security tools today work by identifying an attack somewhere else and then trying to protect everyone else
• This is reactive in nature and ineffective: most attacks stay latent for a very long time
• Even with almost-real-time detection, the attacker needs to beat you at the race just once
EFTA_R1_00019503
EFTA01735551
EFTA_R1_00019504
EFTA01735552
The recursive guide to compromise anything
1. Compromise a machine (exploit, social engineering, backdoor, physical access)
2. The maxim: there's always a deep enough level in a machine that is not defended/defendable. Go there and stay put
3. For every node in the graph that trusts your machine, go to 1 and be fast
Digital immune system
• We have the technology to build 80% of the digital immune system
• We need network effects and board-level decisions to make the remaining 20% true
• This will not solve computer security, but it will move it ahead by a lot
"Shape-shifting" software
• No two copies of the same app (kernel, firmware, etc.) should behave the same way at the micro level
• Code should adapt to its users/owners, and detect and log anomalous behavior on a distributed ledger
"Accountability breeds response-ability."
-Stephen Covey
Code Signing
• Every piece of code that is executed on a machine should be signed by a trusted entity
• We can't trust a single company/machine: create a distributed ledger of valid signatures for every piece of code
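The "no single trusted company" idea above, sketched as a pre-execution check (an added example, not part of the original slides): code may run only if its SHA-256 is recorded in at least `quorum` independently operated logs whose hash chains are intact. Real signatures and ledger consensus are replaced here by plain hash chaining, and the operator names, key label and sample release are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64

def entry_hash(prev, digest, signer):
    return hashlib.sha256(json.dumps([prev, digest, signer]).encode()).hexdigest()

class Ledger:
    """Append-only, hash-chained log run by one operator (stand-in for a ledger node)."""
    def __init__(self, operator):
        self.operator, self.entries = operator, []

    def append(self, digest, signer):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "digest": digest, "signer": signer,
                             "hash": entry_hash(prev, digest, signer)})

    def chain_ok(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != entry_hash(prev, e["digest"], e["signer"]):
                return False  # an entry was edited or reordered after the fact
            prev = e["hash"]
        return True

    def attests(self, digest):
        # A ledger with a broken chain is ignored entirely, not partially trusted.
        return self.chain_ok() and any(e["digest"] == digest for e in self.entries)

def may_execute(code, ledgers, quorum):
    """Allow execution only if at least `quorum` intact ledgers list the code's SHA-256."""
    digest = hashlib.sha256(code).hexdigest()
    return sum(l.attests(digest) for l in ledgers) >= quorum

# Constructed sample: three operators record the same release.
RELEASE = b"#!/bin/sh\necho release 1.0\n"
LEDGERS = [Ledger(name) for name in ("vendor", "auditor", "customer-consortium")]
for ledger in LEDGERS:
    ledger.append(hashlib.sha256(RELEASE).hexdigest(), "release-key-example")

if __name__ == "__main__":
    print(may_execute(RELEASE, LEDGERS, quorum=2))                # recorded release
    print(may_execute(RELEASE + b"# patched\n", LEDGERS, quorum=2))  # modified copy
```

Hash chaining only makes in-place edits detectable; a deployment would also need signed entries and a way for operators to compare chain heads.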
Self-destructing machines
• Every machine should have a "known-good" state to revert to
• Every time a machine is thought to be compromised it should be destroyed immediately and reverted back to the "known-good" state
Adaptive network structure
• The trusting neighbors of a machine must be able to shut down communication with the allegedly compromised machine
• The trusting neighbors should be able to adapt their network topology to use a mirror copy of the compromised machine
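A defender's model of the "graph of trust" and the containment step described above (an added example, not part of the original slides): `blast_radius` lists every machine that directly or transitively trusts a suspect host, and `contain` rewires its neighbors to a mirror rebuilt from the known-good state. Host names and trust edges are constructed.

```python
from collections import deque

# Constructed trust graph: TRUSTS[a] = machines that a accepts code or connections from.
TRUSTS = {
    "laptop-17": {"build-server", "update-mirror"},
    "build-server": {"git-server", "update-mirror"},
    "git-server": {"sso"},
    "payroll-db": {"sso", "build-server"},
    "update-mirror": set(),
    "sso": set(),
}

def blast_radius(trusts, compromised):
    """Every machine that directly or transitively trusts `compromised`."""
    trusted_by = {}
    for node, peers in trusts.items():
        for peer in peers:
            trusted_by.setdefault(peer, set()).add(node)
    seen, queue = set(), deque([compromised])
    while queue:
        for node in trusted_by.get(queue.popleft(), ()):
            if node not in seen and node != compromised:
                seen.add(node)
                queue.append(node)
    return seen

def contain(trusts, suspect, mirror):
    """Return a new graph in which neighbors trust `mirror` instead of `suspect`."""
    new = {}
    for node, peers in trusts.items():
        if node == suspect:
            continue  # the suspect is taken out of the graph for rebuild
        new[node] = {mirror if peer == suspect else peer for peer in peers}
    # The mirror is built from the known-good state, so it keeps the same upstream trust.
    new[mirror] = set(trusts[suspect])
    return new

if __name__ == "__main__":
    print(sorted(blast_radius(TRUSTS, "build-server")))
    after = contain(TRUSTS, "build-server", "build-server-mirror")
    print(sorted(blast_radius(after, "build-server")))
```

Running `blast_radius` for each host ranks which machines expose the most dependents, for example the shared `sso` node in this sample.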
The AI future
• In the future a lot of offensive security will be AI/ML-driven
• In the future security will be much faster and much more complicated
• We can't have proper defense against that without these building blocks
Q&A