
BSides Detroit 13 Keynote -- Weaponized Security

BSides Detroit · 59:44 · 354 views · Published 2013-06
About this talk
Imagine having access to an amazing technology that makes searching patterns of data in the network very simple. Then imagine implementing that technology on an open wifi and seeing what you find. This talk discusses how a tool to secure people can be turned against them, and the results of random people leaking data about their computers and themselves.

PLEASE NOTE: This presentation contains content from a free wifi connection that the users did agree to full release of information in exchange for service, in so much as they clicked accept on a captive portal to get online. You can't say we didn't try to warn them. The data extracted from this network in no way reflects the thoughts, feelings or attitudes of the presenter, and some of it may be offensive in nature. Who knows, maybe you are even in this presentation yourself. Have you ever used 'free' wifi?

Speaker: Kellman Meghu (@kellman)
Transcript [en]

introduction

security

any more volume

They really do things the hard way. Why not just wait for us to leave a disc with half a million people's information? Seriously, they shouldn't waste their best guys on us. We left everything in the driveway and they're trying to break into the house.

wow

so

this is the space of one week

Good morning everybody, welcome to BSides Detroit, uh, and thank you for having me back. This is a thrill. I promise no Star Wars copyrights were damaged in the creation of this presentation, uh, so I'm assuming Disney won't sue me. Um, I do want to tell you up front, though, what I have done here, and this is an extension of, if you saw me do some of the Star Wars stuff, I talked a little bit about my home network. I'm now going to talk a whole lot about my home network and some of the things I'm doing in it. As a consequence, I'm going to have to warn you up front that there may be inappropriate language,

comments, thoughts, etc. Uh, I collected things from random people that would connect to my network, uh, so I have really no, you know, guarantee in terms of, you know, what you might see or hear here. So in that case, uh, if you're easily offended, uh, you might want to leave the room. No one? No, you're not easily offended. Guys seem like a pretty solid, solid group. One thing I want you to keep in mind when, everything I'm about to show you: absolutely no certificate trust was harmed during the making of this presentation. I did no SSL injection, I did no gathering of anything by decrypting SSL, and that's important to keep in mind, because unlike the NSA I can't really

crack SSL, although apparently they don't need to anymore, they just collect it. Not great, the timing of that; on my way here was like, oh, you got to be kidding me. Uh, just a little bit about me. If, if you follow me at all, actually, you'll find me on Twitter. I'm fairly busy on Twitter. Uh, I get a lot of wonderful comments from people on Twitter, thank you. Uh, it's always great to be, uh, you know, uh, identified and noticed. I think it's because I'm so helpful. For example, uh, one Valentine's Day this woman asked, you know, she was looking for something that was gonna make his eyes pop out of his head, uh, which I suggested sudden

decompression in an airtight chamber. With help like that, right? Also I follow, you know, technically one of my competitors, but, you know, I like to follow a lot of people on Twitter and get involved in some of the things they do. For example, you know, "What do I see as a future of security threats to Twitter?" To which I responded, "They probably use your product to protect it." They didn't think it was as funny as I did. Come on, it's a joke, we're all friends here. I have to confess, though, for all the wonderful things people have said about me and, and to me, uh, occasionally there's some people that aren't thrilled with some of the things I say,

and I understand that. This is an open community, and I bring that up because if you do want to challenge, question, argue, of course please do that. That's part of what we do here and that's part of how we learn and evolve. I'm a big boy and I'll be able to handle it. Uh, and it's, you know, pretty much like my old IRC days, right? I like to have a little fun, little argument, a little debate. Uh, it's always exciting. Did anybody remember IRC? It was like Facebook before we had, you know, colors and pictures and everything. So with that, let me introduce you: Weaponized Security. Now first off, let me say, if you came

into the session expecting me to teach you how to turn your computer into this, you know, horrible weapon, that's not really going to happen. Yes, that was a real article quite a few years ago, you can tell by the computer there. I thought that was very amusing, but I've actually had a few friends, not very computer savvy, going, "Can this happen? Should I be worried? Will my AV stop this?" So where this story starts, actually: so I, I, without, this isn't a vendor pitch, but I work for a security vendor, and as a consequence I've had access to some pretty high-end security technologies, uh, pretty much at will. As a consequence, I've essentially raised my children with my firewall.

So if I go back 10 years, you know, back when life was a little simpler, when my daughter first started getting on the internet, I had a very simple policy for that, allowed her to go to pretty much all the places she wanted to, because she really only ever went to a couple places: barbie.com, WB Kids, a few places. And she could go anywhere else she liked, but if that happened an SMS was actually sent to my phone to let me know what was happening. And one day she went to a website called funnyjunk.com, and I happened to be in Dallas at one of our tax centers doing some work, and lo and behold, in comes

this little SMS saying that she went to funnyjunk.com. This is before you could really browse the web on your phone; the best I could get was an SMS. So I walked over the internet, punched it up, I looked, and I'm like, ooh. It was a cartoon, but it was not really appropriate for an eight-year-old. She was, you know, was dancing penises and stuff on it. So I, I picked up the phone and I quickly called home to my wife and I said, "Listen, you better check on Taylor, I think she's looking at something she shouldn't." My wife responds, "Oh my God, how did you know?" She has no idea what I do for a living.

She still doesn't, actually. But, uh, I said, "Well, you know, I, you know, I was just keeping an eye on things." I said, I said, "Did you notice?" And she goes, "Well, yeah." She, she received this URL from a kid at school, she came home, she punched it in, my wife saw it; they were just in the middle of having a conversation about it when I happened to call. So as time went on, of course, this didn't really scale as a process. I couldn't keep calling home every time a URL came up, and of course as time went on it got crazier and crazier. The applications were coming at me fast and furious, and as I discovered as I'd watch how my

children use the internet, um, they use social networking very, very different from me. For example, I, you know, I started with LinkedIn because everybody had LinkedIn for work, but I didn't really use it much. And then, you know, I kind of got into this Twitter thing because I thought it was cool. I talked to a few people, some interests, uh, and I like the fact that they kept down 140 characters so nobody could ramble on. And then, uh, you know, the Facebook, and at that point I'm like, you know what, I don't have time for anything else, I'm done. My kids, on the other hand, seemed to connect to any social network randomly. It changed all the time.

Over a course of a week she would log into, you know, seven to ten different social networking sites, and then within a week or two after that they would all change, but she's still logging into just as many. And then something happened that made me have to go down and talk to my daughter. She's in her teens at this point. And that was, she actually opened up an account at the Arizona Real Estate Board, a messaging board, listed as a social networking categorization. But I'm thinking, why on earth does my kid from Toronto need to go to the Arizona Real Estate Board? She went in and actually created a, with a zip code and everything, she'd done her

research to appear. And of course her friends would come over and they joined my Wi-Fi, and I could see what they're doing too; we're all joining it as well. So I had to finally go talk to her and say, "What is it you're doing here?" And she explained to me, it's actually high school all over again. And that is, so first off, the first alarming thing I discovered was that Facebook was for old people, uh, and that was really just the face that she used to put up in front of Mom and Dad and Grandma and Grandpa. Uh, it was really nothing, you know, uh, not a real life. Her real life was going on and

all these other different social networks. But even with that, she had friends that, you know how they like to have their little cliques, so they go out, and anything, to my kids, where you're allowed to post or share information is social networking to them. They don't give a crap what it's called or where it's located. So they would create these accounts, sign up, and then they would tell just a couple of good friends, who would join in too with their random names and their random emails, and they would all talk, and then they'd tell a few friends, tell a few friends, and then we get bigger and bigger and finally explode, till there's so many people they go, oh, I'm sick of

all these people, and they jump to the next social networking site. And this went on and on and on. High school all over again. I feel sorry for the poor people at the Arizona Real Estate Board, because a bunch of kids from Toronto came in one day and just blew up the board with a whole bunch of stuff, and off they went. But the real irony in all this is, while I of course am easily trackable across all my social networking, my daughter had actually created a little bit of privacy for herself, because she created a new persona, a new identity, in some cases created a new email for every one of these sites that she logged into. Now she

wasn't doing it for any other intention other than she had her little cliques there. She really had no concept of privacy. But it started to teach me a little bit more about how they're using these tools, so I thought I'd share all the things I've been discovering on this. Now, as time went on, of course, I couldn't just let the kids run rampant, right? That's not a good thing to do. So I started introducing, you know, we introduced technology for, you know, india in-depth URL filtering. I got pretty excited about, I'm like, oh well, they can't look at any sex sites, and I'm going to stop them from alcohol, I don't need to know about alcohol and drugs,

they're kids. And I went through and I checked off the list. Of course, I didn't quite think the ramifications of all this. For example, uh, and I applied it to the whole house, not thinking. So for example, when my wife went to look up a recipe that had alcohol in it, the firewall happily went in and said, "Oh no, no, you can't look at that," and I put a block message that said, you know, "Contact your dad if you really think you need to see this." Uh, so, uh, she got a hold of me and she wasn't actually thrilled about the whole setup. This is, uh, I spent a lot of time on the road, so essentially we talk a lot over

Skype. Of course it wasn't for Skype. So I had to kind of back off from that, I realized. Plus the kids were getting older, there's too many sites, uh, and realistically, I mean, how many people have dealt with that? If you've ever had to do URL filtering for a company, same kind of challenge, right? People are using it in ways you didn't quite imagine. So I took a completely different approach, and this is more or less how my, my house looks at home. I went through a period of time where I had anywhere from, uh, eight to 12 servers running at any given time. I've now collapsed everything into a big ESX server, so even though it's really only one

server, it's actually multiple infrastructures. Uh, firewall embedded in there for access to the internet, the Wi-Fi, and essentially, uh, everybody can kind of come into the network and, and do whatever they like. Uh, you know, from the family's perspective, um, I just let them, you know, browse away, but I do log the activity that's going on, try to understand it. Now, because I can interact with, uh, my children, as I said, I raised my, my kids with my firewall, I started building in, you know, messaging systems for them to try to deal with some of the challenges I had. One of them was, my kids would stay up all night browsing the web, and then they get up in the morning, go,

"Oh Dad, I don't feel well, like, my stomach's, oh, it's upset, I got a headache, I think I better stay home," and be like, oh geez, poor kid's sick. Uh, but then of course I, you know, later on go back and look at the logs and realize, oh my God, they've been surfing YouTube all night till like six in the morning, uh, you know, pretty much shut down an hour before I woke them up, and they're like, "Oh, I feel bad." So I built a customized entry, so I could actually go into my logs, uh, create an entry and say, you know, well, anytime past midnight, actually was 2 a.m., if they're browsing around on the

internet, a little pop-up comes along and says, you, you know, "It's two in the morning, probably time to shut it down." And even at that point that's a little extreme. Uh, and they actually have to agree, uh, to my terms of services, right? So I just said in my, "Hey, uh, do you agree you want to keep, uh, surfing?" So now of course I'm like, "Oh Dad, I don't feel well, I feel sick." I quickly pull up the thing and, "No, uh, 2 in the a.m. last night you agreed you were going to go to school anyway. Off you go, have fun." So I'm not kidding when I actually raise my kids over, uh, over, uh,

over my, with my firewall. Of course, you know, this only had to happen to them once and they learned very quickly: "Oh God, I gotta go to school tomorrow, I better shut this down." And I thought it was a much easier way to teach them the lesson, rather than come in with a heavy hand and say, "I'm blocking the internet, this is terrible, stop it." Um, it's just a little suggestion there in terms of, uh, if you want to monitor and watch the kids. Now, you don't always have to use, uh, this technology for, you know, essentially warning and hammering people. Actually, at one point I created an entry similar to this, uh, but actually coded

all the, the family's birthdays in it. Uh, so of course my, uh, wife went surfing, you know, jumped up on Facebook at 12:01 midnight in the day of her birthday, and, uh, lo and behold, uh, up pops a little message, I'll just jump ahead to it, uh, you know, "Hey, before you go off to your social networking, just wanted to wish you a happy birthday, from Gatekeeper, your hard-working firewall." She thought that was cute. Now, I also use it for, of course, when my children get, you know, do something bad, they, they get, you know, grounded, and of course part of grounding is they're, they're cut off from the internet. But not exactly. Uh, my

daughter forged a note, uh, to one of her teachers because she didn't want us to see a test that she didn't do so well on. So for a week, that's all she got to see whenever she tried to connect to the internet. I'm just informing her, if she brings me a signed note from her mom, I'll, uh, lift it for her. So as a consequence, of course, of having this technology, um, I started to feel pretty, you know, pretty, you know, invulnerable on the internet, right? I got it all, I'm safe, there's really no problems here. I mean, you know, 10, 15 years of security experience, come at me, what do you got? This would be

just interesting to me. And of course I regularly get attacked from the outside. Since I don't let a whole lot of services into my house, uh, not really a big deal, I don't really care. I more or less collect them, just go, wow. I remember a time when, when I first started, I put, uh, one of Canada's first banks online, and at that point, you know, if we saw an attack every, you know, a couple of days, it was amazing. You know, usually it could go months without anyone doing any kind of serious things. And over time that shrunk, until now, within five minutes of coming online, right, you have people scanning and looking. But what's more interesting for

me is when the outbound stuff, what we're picking up in terms of where I'm going. For example, uh, one time I noticed I, I got a, a, it was a PNG exploit for, uh, Internet Explorer, and I thought, geez, where did I even hit that? I don't even remember going anywhere malicious. And I went and looked up the URL, and actually then it suddenly hit me: it was a Sunday, I had to work in the lab, I really wanted to catch the Eagles game, the Eagles-Giants game, but I didn't, you know, I couldn't really leave the lab, I didn't want to drag the TV over, so I thought maybe I just catch it online. And

I literally just looked at this webpage and thought, yeah, it looks a little shady, I'm not going to bother. But of course, according to my firewall, it actually already had tried to, uh, to exploit me. And of course it's hitting my family, uh, all the time, but I don't really worry about it, of course, because not only to have that protection, uh, we're actually a family of Macs. When Vista came along, it was the decision to make that I was moving away from the PC world, and at that point all my family's running Macs. So I'm feeling extra invulnerable. What could ever possibly happen to me, right? I got Macs, I got security, I've got,

you know, up the wazoo. Well, one day, actually it was just last year, right around June, um, I upgraded our system, and in our system we put in a new check, and actually R&D was actually asking me to help them test it. It was anti-bot detection, but, you know, people getting infected, if you see bot activity you would try to catch it. Well, the moment I turned it on, and again, I didn't turn it on with anything other than detect, because I didn't take it that seriously, I'm not gonna have bots, I got Macs, the back's gonna hack me. But then I noticed this hit. Every day it was paying. I'm like, well, that's, that's something going on. So

I clicked on to take a closer look, and I realized what it was picking up was, there was a DNS lookup for a site that was known to be potentially dangerous, but it couldn't tell much more beyond that until I turned on something called the DNS trapper. And all that does, basically, is the firewall actually responds with its address for the, for the DNS location and essentially proxies the connection through, so can take a closer look, figure out exactly what's going on, and establish if it's good or bad. So I thought, you know what, maybe I'll just turn that on and, and see what happens. And of course I flick it on, and lo and behold, by the next day,

uh, I got a significant jump in activity. Huh, I think I have a bot in my house. Well, who could it be? I mean, my wife, yeah, she'll pretty much click anything. Send it to her, she'll click it a couple times if it looks like it doesn't work. Kids are downloading stuff that, you know, may be questionable. So who do you think this horrible person that brought a bot into my network was? Any guesses? Yeah, it was me. I was horrified to discover that. As I click through, I'm like, oh my goodness, who could this terrible person be? Here's the 104 entries of the actual communications being monitored, uh, and lo and behold, it was actually

this machine right here. Now of course this blew my mind. I'm like, oh my God, and I panicked, of course, like most people do, and immediately looked up all eight botnets that existed for the Mac and started searching through my Mac, but I didn't find anything. And then suddenly it hit me: oh, I have a virtual machine running Windows. I don't use it much, but it's there. And of course it's actually not listed as a very dangerous, uh, bot. It's got the greens, it's there, but it's not doing much. Well, sure enough, in my virtual machine that I truthfully barely turn on, I got a bot. I don't know where it came from. It was luckily this MSN bot that,

I just, I don't use MSN. It was a big deal, just captured credentials and spammed your friends, but because I'd never actually initiated any kind of connection to MSN, it just kind of sat there just doing a heartbeat, saying, I'm here, I'm waiting. Uh, so it was fairly easy, the image of VMware machine, problem solved. So I'm still feeling really good, right? I got Macs, I got all the security, I have no problems. But then a week later something scary happened, and all of a sudden I started to get the big red hits. And when I took a closer look, it was my son on his Mac Pro, and he really did have a Mac bot.

And I thought, how could this happen? I mean, that, my invulnerability feeling suddenly went away very quickly. It slipped right through. And then something very disturbing hit me. I went back through the logs and I noticed a week before that I actually had a protection that was detected, that coincidentally enough allowed a remote exploit on a QuickTime. And the part that upset me the most was, I'd had this protection already, but it was sitting in detect mode. And you know why? Because I'm this old-time IPS guy that goes, well, I'm going to download the signatures, I'm going to put them in detect mode, I'm going to monitor for a while, and then when I feel comfortable

as the administrator, I'll start enforcing things if I feel it's right. But of course things are moving way too fast. That, that mentality worked great for me 10 years ago when I was in the trenches; it worked actually fantastic. In this day and age it's just coming too fast and furious, I don't have time to keep up with it. And also the other part I wasn't thinking about is, and this is the most ridiculous part, I know where all these signatures are coming from. I know who's generating this. I've sat with the people writing them, and we've got this massive infrastructure, this whole team of people that do nothing but analyze and push this stuff out. So at some point I've got

to learn to trust them and just accept that I'm going to go straight to a block mode and turn it off in the event of a problem. I've got to do the reverse of what I traditionally thought of, and that's truthfully just to kind of keep up with things. But let's leave the whole security aspect aside. We know about this, this is pretty straightforward. I want to talk about the kind of things that your security learns about you. So I have, of course, in my infrastructure everybody can come in, I've got these wonderful enterprise-grade tools just sitting around that I can play with and try all the time. I get tons of information about the

family and things they're doing. Like for example my son, who's using Hamachi. He thinks I, I don't know. Uh, tunneling, you know, I'm not really sure what. He says he uses it for gaming, but, you know, I'll reserve judgment for now. We're fairly open with the kids. Um, I also have, you know, DLP on. You guys have seen and heard about my, uh, my DLP policy, I think we talked about it last time. Those of you haven't seen it, this is actually my DLP policy at home. Yes, I run data loss prevention at home. It's probably one of the most valuable things I've ever done. A couple things I look for is credit card numbers; if I see that,

my wife's buying something, it's a problem. I also look for common medical terms. Thinking, why on earth would you do that? Well, I have children that grew up with Google, uh, their whole life. If they have a medical or health-related question about their bodies as they're growing up, are they going to ask me or they can ask Google? It's kind of like an early warning system, and it's actually scary when it hits. I also look for inappropriate language and personal, uh, personal information leaking. Um, so I can pick up all kinds of interesting things. Like for example, uh, my daughter posted one day a picture, tagged my wife, flags the DLP, and I can

quickly look it up and see that, oh yeah, she was just posting a picture when we were in New York City because she saw something. It's very, very interesting, because people, when I talk to customers, they tell me, "Oh, you know, we plugged in this tool and we found out people are using Facebook." Well, I could have told you that. But what are they doing on Facebook? What are they posting? What kind of information is out there? That's the more interesting part, the more important piece. Now of course part of what I run here is, I actually run a guest network, uh, in my environment. If you want to come by my house and connect to my Wi-Fi,

be my guest, absolutely, literally. And of course I do get a fair bit of traffic on here. You can connect, it's open, completely open, uh, except for a little login page where really, uh, it's just, uh, it's open, you know, you just give me your name, your email, and your favorite number, your favorite movie if you like. You also have to agree to my terms of service, which look a little bit like this: very long and convoluted. They used to be very simple. It used to be a very, very simple, uh, uh, agreement where, you know, kind of the background was like, basically I was saying, look, your data is mine, um, do whatever I want with it, including

broadcast it to random strangers like yourselves. Now I, I decided actually to go a little further. I went to Google and Facebook, I went to Google, I went to Facebook, I went to all these different sites, iTunes, and I took their terms of service and I built this based on theirs. And, you know, it wasn't a dramatic change from the, basically, your data is mine and I'll do whatever I want; I just sounded more serious. Of course, you know, if you read something like this, would you still connect to that, that Wi-Fi? Or would you be, you know, "Oh, I don't like those terms of service, I'm gonna say no"? By the way, just for reference, I

have a 150 megabit internet service in my house, so it's a pretty decent service. If you want to connect, you go crazy. Look, I had limitation warranties. I should get evaluated by a lawyer to see if I'm covered. Also under discovered Canadian law, unless I do this, I could actually get a lot of trouble for what I'm about to show you. So without going too much into this detail, so who on earth would sign up for something like that? Well folks, I'd like you to meet Tony. Uh, Tony can be reached at tmarcon.hotmail.com, favorite movie's King Kong, please call him Tony. Well, then here's Mitch. Mitch is an interesting guy, because Mitch spent a lot of time in my network,

enough time for me to figure out a few things about Mitch. Let me share them with you now. Mitch, of course, uses Windows. When I did a deeper look at terms of what he was actually running: Windows Vista. I can even go right down the service pack level. Uh, he's running Adobe, which is, you know, not shocking, everybody runs Adobe, right, at some point. His favorite web browser is Mozilla, that's his preference, he pretty much browsed everything with Mozilla. Uh, of course he's running Java, which at the time didn't seem like that much of a big deal but, you know, lately has actually become more interesting. Uh, he's also a Skype user, likes to chat with his

friends over Skype. Uh, of course he uses Facebook, right? Who doesn't use Facebook these days? Remember, no certificates were harmed in the making of this presentation. Now of course Facebook's encrypted, so I couldn't see much beyond him going to Facebook, right? Uh, wrong. Uh, here's Mitch's girlfriend. Uh, here's a picture of Mitch when he was a kid. Mitch had an unnatural fascination with Freddy Krueger. He looked at literally dozens and dozens of pictures of him. I think maybe he's preparing for a, uh, I don't know, um, Halloween costume or something. I don't know, it wasn't even really near Halloween, so I couldn't quite figure that one out. Uh, of course he also has Facebook chat, and I just

wanted to point out that, uh, without going too much detail, I could actually pull the URL for the chat right down to the IDs of everybody he talks to. You know what that means, right? Now I knew who all Mitch's friends are. You just punch in that ID, go right to Facebook, and you see who Mitch likes to hang out with. Um, he's also a bit of a gamer, because he ended up going to Yahoo and asked, in looking up this question, so he must have got himself a copy of NHL 10 and decided how to go all the way in pro mode. He's also a fan of anime, because he went to this website and he watched this video,

and then he watched this video. But don't worry folks, Mitch has security, he's safe, right? Now let's think about this for a second. We have this unknown person, well, actually let's not say unknown, we got this guy Mitch hanging around my network on this free Wi-Fi running assorted applications, and if I go over 2012, I did a quick listing of any critical, just the critical vulnerabilities that allow me to actually hijack the whole system, uh, you collapse that together, I have a hundred and, what, 65 attack vectors available in just those three applications while he's sitting there. And that's, you know, things I could go after from, from a remote perspective. I also know who his friends are

and what his interests are. So I ask you, how hard would it be to craft an email or a link or drag him somewhere, and with all this information that I know? And by the way, having brought up the point that I also know a lot about his operating system, and he's sitting on my network, so of course going directly to the operating system would be extremely easy. Now of course we're all going to laugh at Mitch. You go, "Well, you know, I'm not that stupid, I would never do anything like that." And it's true. But there's a slight problem with this, and that is, what if Mitch isn't the person I'm interested in? What if it's Mitch's friends?

Because I'll use Mitch to get to everybody else who's doing the best they possibly can. I actually had some friends, uh, block me from, from Facebook recently because I complained bitterly about their, their constant need to click everything in front of them, apparently a couple of times, uh, and, you know, all the stupid spam, and I would scold them for it. I would point it out and it's like, "You people, stop clicking this stuff, what's wrong with you?" They go, "Man, well, I'll click whatever I want, what, what does it matter?" I'm like, you know, it's, "This is my account." I'm like, but you're putting me at risk because I've chosen to be friends with

you. And they're like, "Well, I don't want to be friends with you." I'm like, "Perfect, this is working out well for both of us, move along, we'll stick to phone calls." Uh, actually it's, it's been a few contentious thing with my wife and some of her friends, because I'm like, I don't want these people on my network, there's something wrong with them, they'll click whatever they want. But you take a look at, by the way, if you think I'm being too harsh on these people, I do have it set up so that if you hang around my network for too long I will jump back in and remind you with a little pop-up, you know, before you go

to whatever it is you're going to, just little reminder, I'm going to come with you, I'm going to help myself to whatever it is, uh, uh, you're doing. You know, hey, why not, right? So when we look at all these things that we're doing from a guest perspective, I thought, this is pretty busy, it's pretty active, I'm getting actually a lot of activity. This, there was far more than Mitch, and there, actually, know so much about my neighbors, it's incredible. Never even met most of them. I'm waiting for that one moment where you have that neighbor standoff over some issue and I go, oh buddy, you don't want to go there, I know everything about

you, you know nothing about me. So I thought, actually, I'd update, you know, my login to say, you know what, I'm going to ask for the name, email, I'm going to requirement, and I'm going to actually ask, your requirement for a phone number. I left the favorite movie there, one. I thought, if this works out well, maybe I'll add, you know, social insurance number, credit card, see how far we can go with this. Hey, you got your passport number handy? Free Wi-Fi! Who would possibly agree to something like that, right? Well folks, I'd like you to meet Manny. Manny can be reached at 647-888-9047. I don't know if it's a real number, I've never called him, but, uh, feel free if you

like. But then I decided I would take this to a new level, and I took our DLP engine and I created a new data set, and this new data set is called Conversations. And I called it that because I literally just went to Google, I decided, well, you know, what's the most common words used when people are talking and people are chatting? And of course it was a very quick search, and all of a sudden, you know, I found, you know, thousand most common, four thousand the most common, tons of databases like this, simple CSV format. Uh, and so I actually didn't even take the top, uh, you know, 4000. I actually think I took about 50 or 100 of them,

the top ones and i plugged it in a data set and said well anybody that comes into my guest network going anywhere i just want to detect this and the amount of information that came flooding in was stunning to me so enough that i actually thought i'd create a little movie about it well that's what i like to do right i get stuck on planes a lot so i collect data i play with it um so i'd like to share with you now uh my movie i call it dlp a love story

uh

it's fascinating i've got a whole soap opera happening around my network i could just sit and pore through dlp logs all day and i wasn't kidding when i said i've learned a lot about what's going on in my environment and let me show you just how detailed this can get so we're going to pick on uh on ronnie here ronnie came in and decided to uh hang around my network for an inordinate amount of time actually about 72 hours uh he hung around with so of course i i you know and this is one example of of many streams of data so to speak that came through so i saw a piece of data come through it

says if you like what you see don't be afraid of it okay i'm not afraid let's see what we got here so i started digging through the information there and of course when i pull up this description field of what was posted ugh these online dating sites can be such a drag but anyways a little about myself an electoral contractor i'm like okay that's kind of interesting let's see where this is coming from and he was going to a place at pof.com i found out that stood for plentyoffish.com does anybody know that site dead silence it's a dating site i don't know i've been married for a while so it wasn't really uh something i

was aware of but i thought okay that's kind of cool now keep in mind on top of the dlp stuff i'm collecting i'm also collecting every url and website he goes to and of course i can correlate them together so after creating this profile uh our friend here then proceeded to go to this girl's profile and send her this private message well private between us right amazing smile you just made my day now i know where to look to break my day when i'm having a doll day gwen sweet and thanks and then about a minute later he went to this girl's profile and he sent her this message uh just looking at your photo think

you're my kind of lady don't even need to read your profile you look so simple yet so darn hot did he just call her simple i know i've been out of the dating scene for a long time but that doesn't strike me as a good thing to do i need to get the injection part of dlp go buddy you don't want to do that then he went to this girl's site sent her this message uh nice long dragon on short line worth he says she's sexy for 32 years old so now he's calling her old this guy needs help but anyway i started to wonder i'm like well what other things can i find out about this

person right this is a very passive thing where i'm just seeing you know where he's going what he's looking at and i took a closer look of course there is more information i capture as part of the dlp i'm capturing the whole session and sure enough when i looked there was actually a whole header with cookie and when i drilled down and went deeper into the cookie i discovered this field username fantabulous frasier so i went to plentyoffish.com punched in fantabulous flasher ta-da ugh these online dating sites can be such a drag ugh these online dating sites can be such a drag here's my guy now here's what's interesting i recognize this neighborhood that's actually his

house do you know what's sitting right behind his house my house free wi-fi right but here's where things can get dangerous for our friend frazier i could start building you know compound data types looking for some very specific things uh you know uh for example like credit card information maybe i could exclude it of course but i can also start to target what it is i want to extract about them and the reason i find this uh interesting and powerful is if you think about it these tools are sitting in our offices in our companies and i don't know how many companies i talk to where it's what kind of process do you have oh well it's sally is the

firewall person she looks after everything she's great so we just let her take care of it i wonder how many companies realize what they've handed over to these people what kind of information they have how hard would be to create a targeted you know i could use the credit card of the cfo of the company that could be kind of handy for my trip to vegas how hard would it be to build a data set search that would pluck that out that would find it or the chance of course they're using it online now i want to make clear that a lot of the analysis and things that you're seeing here is people tend to get zeroed in on the

tool itself look at that pretty tool and don't get me wrong it's pretty it's a big enterprise product a lot of developers on it but what i'm doing here is not you know dramatic in the sense that you couldn't build this sort of thing in your home it's just this is designed for a scale of you know potentially thousands of users in your home a little bit of work what we use pretty graphically but you could actually build this kind of search this is not outrageous technology in the sense of what it's doing but what's interesting is that we think these tools are going to tell us the information when really they just collect the data right they just tell us

what's going on and the context i can get when i'm using it is i know my kids i know my wife i know a lot of my friends that come on so when i look at this data i can make sense of it i can relate it i have something very important i have context right it's not just data sets for me it's not like thousands of people i have to think about i don't quite have the context of what's going on with you know some of my neighbors in that but of course i'm learning more and more about them as you go along and as i said remember no certificates were harmed in the

creation of this now i could go a step further i could inject the ssl certs onto my family decrypt all their ssl but with the amount of data i'm already collecting and everybody says everything's going ssl but i'm actually finding it not so much there's still a whole lot of information i'm extracting without it we'll see as time goes on maybe the next time i come up here i'll be okay so i went with the ssl decryption and here's where it goes by the way with the guests based on the information i'm collecting it should be too hard to get them to install my cert would you agree now every organization my own included love

to do these 2013 uh you know your 2000 you know security reports uh my company's no different they collect all this data that we're searching we scrub it and we present it um i thought i'd actually give you my own version of this uh this would be the 2000 security report from kellman based purely on my house over the course of the year i have blue i'll have years worth of data but i thought i just do a rundown of 2012 and share with you some of the things i'm able to see and understand based on context of course and the big one i learned is of course most of my traffic is media sharing and

of course of that media sharing the lion's share of it is courses this is my son this is my daughter uh and this is our apple tvs they don't have a username since the uh and applicable so if you look at like three quarters of the stuff they're doing is all youtube and of course this actually allowed me to make a business decision in the house because i realized my children don't watch tv the concept of tv actually turning it on and looking at a channel is ridiculous to them now it never crossed my mind that that would be a problem my wife and i you know still somewhat actually i'm less so now because i travel a lot

but they have no interest in it if they can't point and click and watch it immediately they're not interested i wonder how many tv companies and cable providers realize that when my you know son and daughter get into the real world tv isn't the last thing on their list to buy it's not on the list that tv is nothing more than especially the apple tv is just send their their data up their friends come over and my daughter has a sleepover your friends will come over and they sit there with their iphones and fire up uh their videos and stuff onto the uh you know through youtube and stuff on the tv all night they'll do that happily all night

never once turn on the tv uh as a matter of fact it got to the point where i received a letter from my my satellite subscriber i thought it was junk mail so i kind of threw it to the side and i was about to throw it out and i realized this doesn't look like junk i open it up and it says we've decommissioned your receiver please contact i've been long-time user of their services please contact us and we'll send you a new receiver but make sure you get a hold of us before july 1st otherwise you're going to lose your tv service at this point it's july 15th i'm like huh go over i turn on the tv

black nothing nobody in the house has said a word well i'm thinking that's summer right nobody's really watching a lot of tv anyway no big deal i'll wait until september and of course by you know mid to end of september nobody said a word so i finally say to the family hey you guys know the tv is dead and of course the kids ready to go there's something wrong with the apple tv no no the apple tv is fine the satellite's gone and they all went oh went right back to eating could care less so as a consequence i i've realized that uh i'm i'm uh i don't really need service well i actually canceled the

kids package right away they never noticed or cared uh and i'm a little disillusioned with the tv however i keep it to say that at least i'm trying to pay something uh and that's a prelude too it's another presentation i'm working on that maybe i'll see you with next week um one other element i thought you'd find interesting i found interesting now this is the list of the top users that come to my network i know a lot of them there's a good friend of my sons who stays over a lot he'll come and stay a week at a time he lives out in the country to friends at my friend's place so 150 megabit internet service is like

the biggest thrill in the world for him so he likes to come over and spend a lot of time that of course is probably not very interesting to you but there is something very interesting i found which i thought i would like to share with you every one of these people the first time they come to my network sends off this piece of data and then never send it again no matter how many times they come back they come back with a new machine they'll send this off again but everybody does anybody know what this is you got it anybody realized the extent to which they're doing this so right now this if it's a lot to read right here but

basically what's happening is this is a list of every wi-fi hotspot in my neighborhood not just mine complete with signal strength uh signal-to-noise ratio ssid information everything it gathered all that and fires it off to google everybody does that when they connect how many people aware of that and we've heard of it one person come on the other people have seen this i i didn't actually realize what this was until i looked it up and then i realized people were identifying it's happening uh every one of our devices every time you find a new wi-fi send an update to google and apparently now the nsa as well right um does everybody remember the swear

chart last time i presented have you guys seen the swear chart so of course i look for inappropriate language would you like to see the summary of the 2012 swear chart who doesn't love the swear chart so this is uh the top swears for the year uh of course as expected my wife came in at number one a bit of a potty mouth but hey what are you gonna do uh my actually this is deceiving my son isn't really second my daughter due to a change in equipment uh actually got split across here for a couple of entries so she's at she's technically a little bit above them i'm in there as well and then of course you

know there are guests in there now are you curious on what the top 10 inappropriate language used in my uh network is over the course of an entire year let's look take a look now this actually kind of threw me there's a whole bunch of porn word porn right it's classified as inappropriate language the other ones i kind of you know made sense a couple of them made me a little nervous but whatever uh you know that's life but i looked at it i realized oh my god like who the heck is talking about porn so much what's what's with all the porn when i drill down you know what it was it was actually my

wife on social networking complaining to many of her friends over and over again over the course of the year that she can't watch porn online because her husband will see it and that would be embarrassing i had no idea this was a problem she never mentioned it to me well and sure enough when i went to look i had to cut this off because i don't want you to see just how much porn my daughter watches we have a very uh open relationship with the kids i took this attitude at a young age to say you know what i'm not going to put these barriers up my kids whatever they want to talk about we're

very open about and the end result is i mean she'll not only surf all the poor she wants knowing full well i see it she'll come and tell me oh i saw it and it's like you have no idea who or how horrifying that is as a father to have to grit and go that's nice honey going to go in the corner bang my head again so off for a bit so of course she was right actually she was truthfully that that little hit is really just enough to qualify as porn ads from you know recite she never actually looked at porn well i felt pretty bad about that so i put in a very

special rule for her that says cindy can go to the internet for any sex related site and the firewall and by extension myself will completely ignore it we don't have to look at it we don't have to to do anything so i'm like honey surf all the porn you want i didn't realize it was a problem you probably should have let me know uh i didn't you know need to see it um but of course there's a problem right how does she know i'm gonna leave this rule in right i could easily flip it on her she doesn't really understand the technology in the i.t world that we live in we have these wonderful tools like

governance risk and compliance that allow us to track you know how people are you know based on standards we've got you know distributed you know uh a tiers of administrators that can monitor and make sure that we're doing the things we want to do but what happens you know when it's a home or when it's something you don't control because this information uh really comes down to people's lives it's not just information i'm collecting it's not just raw data there's tons of things going on in terms of what people are looking at and of course you know this is this statement couldn't be more uh i guess relevant based on the recent events we've seen in the news

of course what worries me when i think about this you think about what i'm doing on a macro scale when the government steps in the things they're doing there's all these you know oh of course they've been telling us for years we've got to secure the internet safety safety internet and we're going to have the isp store all this information because you know we have to be able to track it we have to be able to track what's doing and i ask you know i wonder what it is they're really collecting about us what it is they have in my own country we're just as bad it's not just a u.s thing this is worldwide

in canada they took this attitude of oh we have to have this bill where the isps are required to store all this data and this information uh because we have to stop the child pornographers and if you're not if you don't agree with this idea clearly you're a child porn supporter what a great way to shut up anyone from arguing with them right uh but of course you know this didn't actually work out so well for own vic toews in in uh in canada he uh he actually uh attracted the attention of anonymous who promptly doxxed him and exposed an affair he was having and all this kind of stuff maybe give a little dose of what it's like to lose your privacy

on the internet uh but of course they also had the altar effect where he he vic that up and goes well see because what anonymous did we clearly have to do this it didn't really help us and of course i'm under no delusion of who's really driving this and what they really want to do with it uh they don't really want me to uh to protect child pornographers they really want to go after you know joe public sell information to the record industry entertainment industry there's a lot of powerful lobbyists like let's not be delusional there are alternative methods for this and the other aspect is is they believe that somehow there's this magic

electronic brain that can take all this data with really no context of who we are as people and make sense of it no oh well something bad's happening and of course this presentation was based on the concept of this could be happening i can now take this to oh this is absolutely happening uh they are collecting this data you guys have you seen the slides from this what a terrible template hey they couldn't invest in more you know 20 i i find it interesting that prism so of course apparently a microsoft yahoo google everybody is is now throwing out data to the nsa to the government so that they can have you know all the data and information they

need about uh well it's supposed to be to track foreigners like myself which is kind of funny because i already gave up my entire life to the us government so that i could cross the border unfettered right and it's yeah it's a trade-off i made and actually it's pretty cool so i'm not really worried but you guys are of course wrapped up in the mix too um and of course now they're saying oh we didn't do it we didn't do it of course what else would they say but actually i i tend to maybe believe them because of the name of the the program prism they got a way to tap in fiber you think

there's any kind of connection to prism fiber i don't know maybe they're just figured out how to tap into these spots uh it's kind of interesting and of course the details they're going down to um skype really surprised me right skype's encrypted kind of wonder if the timing of the selling to ebay or or microsoft was right around when they suddenly were able to listen to skype calls and things like that but we go on and on of course now they would never abuse something like this right this is always to protect us that would never happen i found this actually happened in hawaii this was interesting the senator put in a bill that was going

to require everybody even like coffee shops to store data so they could track anyone they wanted coincidentally enough she had gone through a situation where her web design she got into conflict with her web designer who hacked her email and i guess at that point realized the cops said nothing we could do no logs we have to fix that but that was clearly a personal vendetta and that scares me when people have this kind of uh data there's always going to be an element of abuse all right think about the massive amount of resources it requires to control this but the bigger thing that frightens me all in this is it frightens me more in

all of this is when you think about how this data is being collected and they've got this magic brain that's supposedly going to process it all and understand it and be able to cull the information with you know oh we don't need the context we'll just know but i wonder how they can figure out what's bad and necessarily related to what's appears to be bad and by that i mean is this really some kind of nefarious thing floating by or is it some botnet that's in control of me they talk about chasing child pornographers do you really think child pornographers are going to store the data on their own machines are they going to store it on the

machines of the people they've hacked i know already we've already established the attacks are coming in fast and furious with all the security i have in my house i still got a botnet in there all right how is joe public possibly going to defend himself in this type of environment i think we well we know what's happening if they have to kind of reach us happy hopefully you get a bot herder that likes to look after your machine and takes care of you it's about the best they can hope for but is the government going to take that into consideration when they see traffic coming from your machine oh well it could be botnet i mean as security

companies we're challenged enough trying to figure that out and somehow the nsa and everybody else seems to tell us well we can figure it out it worries me a lot now in terms of what we could do about it um i'm afraid that so we here in this room and the reason we're here is we get it we understand just how ugly this can and will get unfortunately most of the other people i talk to just don't care don't know about it don't realize it and i think something we can do as part of a security community is we reach out to each other all the time and complain about this how often do you reach out to the

friends and family that don't necessarily understand this and make sure they understand because it's going to take more than us to actually bring this down to stop this sort of activity from happening so i want you to consider taking the time to talk to friends and family i normally shy away from it i tell i try to tell my family uh i'm i worked at best buy because you know you show up at the family reunion i'm like oh you're in computers i have this problem with my windows machine oh yeah we never hear that right actually i'll give you a tip for that i i carry around a usb stick with uh ubuntu on it and

they're like oh can you fix it i'm like oh i can fix that absolutely i go right in a slam the usb i reboot onto the usb stick and go there problem solved and they're like what happened to my pc i'm like oh no it's gone don't worry about it i fixed all your problems then they freak out for a while and then i go haha and i unplug it reboot back the machine and they stop asking me to even look at their machines just a little tip there but maybe it wouldn't hurt to reach out to them at the family get-togethers and say hey uh do you guys realize what's going on here teach your kids let them

know what's going on uh teach your family um before i get wrapped up here i think i'm getting close to the end um i thought i'd leave you with uh so one of the most asked questions i get uh is what on earth does your wife think of all this what how does she feel about this because of course she's had to live with this a long time still doesn't quite grasp what i do for a living so i thought rather that you know circumvent that rather than speak on her behalf i thought i'd let her tell you for me what she thinks of all this everybody this is my wife

questions cindy get from the presentation is what you and my family think of all the power control and monitoring the swear term all these things would you think of that level of security

put filters to prevent the kids from searching for weapons when searching for drugs or anything else i can't have an internet affair anymore like the rest of my friends probably because

why is that a big deal

but prior that

and how many times does that happen to you so maybe the trade-off between monitoring

okay so are you for or against this level secure would you rather i ripped it up tomorrow and left you naked on the internet no i like the security in terms of i don't get viruses and stuff like that but in terms of even the kids doing their thing online you know sometimes

and i think that they need to have a certain level of privacy because we didn't grow up like this i turned it okay relatively speaking my kids i'm sure will be fine but now they're monitored on this whole new level well uh well i agree with you that they're monitoring a whole new level but and we didn't grow up that but we also didn't grow up with access to this level of technology information all right so it's a whole new game for everybody and by the way if it's not me monitoring you know it's also our government politics bad guys anyway right so what would i could offer you an extra layer of protection on that as well

against the government well in fact i think you have some in the house don't you what kind of tv shows do you watch again which do you subscribe to hbo do you enjoy your hbo shows have you ever gotten an email saying hey stop downloading uh you're violating copyright have you heard anyone knock at the door or serve you papers so there's a level of protection there too all right so thumbs up or thumbs down on the security

i could turn it off tomorrow you don't need to be clear and naked on the internet

so she grudgingly accepts it for uh what it's worth listen i want to thank everybody for your time i hope this was helpful informative in some way or at least a little bit entertaining and please spread the word make sure that everybody around you knows the kind of things that are going on because we actually have some serious issues coming upon us uh related to kind of monitoring then and if you see what i can do in my house granted i have again access to probably bigger stuff it's prettier imagine the kind of things they're doing at the levels above us so anyway enjoy the rest of the show everybody thank you to all the organizers it's fantastic and

let's have a great time guys take care