
Sentry: or How I Learned to Stop Worrying and Delete My Accounts

BSidesROC · 2018 · 27:33 · 36 views · Published 2018-04
About this talk
Talk Description: With social media, anyone can become "incidentally infamous" in minutes. Your tweet could go viral, your gif could get posted by a president, or the media could single you out because they think you made Bitcoin. This happens to hackers too: @MalwareTechBlog was arrested after DEF CON 2017 and certain media started doxing him and painting him as a spendthrift criminal based on his Twitter posts. Rather than become a social media hermit to prevent this, just set up a Sentry. This talk will present Sentry, an automated cross-platform application that will silently watch your social media for trigger words and unusual behaviors before springing into action. In minutes Sentry can lock your Twitter account, delete your Reddit comments, disable your websites, and a whole host of other actions to keep attention away in high visibility, low-privacy situations. Released under the MIT license and easily extensible, virtually any site and any API can be scripted with a bit of C#.

Bio: Michael West, aka T3h Ub3r K1tten, is a Technical Advisor at CyberArk who likes cats and is addicted to Twitter. His homelab has over 640 kilobytes of RAM. Michael presents regularly at Dallas Hackers Association and enjoys combining his software dev background with infosec to build tools for others. His interests include OSINT, amateur radio, and scanning long barcodes on the beach.
Transcript

mocchi, all right, get that maximum performance back right now so I could see. Cool. Good morning everyone, and today I'm gonna be giving a talk about Sentry, or How I Learned to Stop Worrying and Delete My Accounts. I'm Michael West, I also go by T3h Ub3r K1tten, and I live in Dallas, Texas. I work at a tiny little startup that nobody's ever heard of called CyberArk. I'm just doing kind of like consulting type stuff. I've been doing IT, I've done DBA, I've been a software developer, and now I'm doing InfoSec, but then I'll professionally for about six years now. And then some little keywords about stuff I'm interested in, like space and Twitter and barcodes and storms and stuff. I'm from

Texas, so this is lower than my first time ever seeing like an ice storm warning, so I have no idea what to do. I'm driving a Subaru so I assume I'm okay. And there's proof I do leave the house on occasion, at the Space Shuttle. So does anybody remember this gif? It caused a big shitstorm last year, and it's because Trump tweeted it. So you can see, I mean, like 350 thousand retweets, 580 thousand likes, and of course it caused a big kerfuffle because back in, what is it, July when it was tweeted, things were going kind of tense between the mainstream media and Trump and all that jazz. I'm not going to get the

political stuff, I just want to show this as an example. Well, the funny thing about that gif: it was posted by a Reddit user, and after this Reddit user, you know, he just posted it because he posts gifs and stuff, and then Trump tweets it. Now nobody really knows how Trump got the gif. Was he reading Reddit, or just, you know, where did it come from? We don't really know. But CNN figured, found out who posted it, who created it, and so what they did is they doxed him. The user's username was Han [ __ ] Solo, and I love that they censored out [ __ ] right there. But more or less

this guy just posts, you know, kind of a lot of racist and anti-Semitic gifs and imagery and stuff on Reddit, and you know, it's not really under his real name, it's under a pseudonym. But CNN found his account and then they found who owns the account, and they kind of, I mean this isn't really like official, but they more or less blackmailed him into apologizing or else they were going to publicly dox him. I don't think they ever actually publicly doxed him, but he did apologize. And how did they find his information? They used, you know, bits and traces on his Reddit account, you know, even though he was just posting on this random Reddit

account and just like left a little bit of trail of information the journalist found. And this at least moved to a farm phenomenon I call kind of incidentally becoming viral. Here we have Sarah O'Connor talking about a robot killing a worker at a VW plant in Germany, which, haha, Sarah O'Connor, Terminator. And you see it got her some attention, you know, and she tweeted like, I'm just a journalist guys, you're probably not gonna be interested, I talk about like work stuff in Germany. But this happens to quite a few people. I mean, we had Ken Bone back in 2016 election cycle. You know, everyone loved him because he seems so innocent and sweet and all that on

the TV interview. Then he did a Reddit AMA using his Reddit account that he uses to browse porn, and so people found that he kind of likes em drag porn and he was commenting on it and stuff, and, you know, it's like, who cares, he did, and they're just into that stuff. But because he became incidentally infamous, people found that account and they linked it to him and were talking about all this weird stuff he's into, and Welcome to the Bone Zone could probably use a rebrand. And this includes InfoSec researchers. You guys are familiar with Marcus Hutchins, or MalwareTech, or MalwareTechBlog on Twitter. He's that guy who does a lot of

cool malware research. When WannaCry first came out, he took apart the code, found that it reaches out to a domain and checks if the domain exists. Now the reason for that is it's trying to detect if it's in like a sandbox environment. Well, he goes ahead and registers it. Oh, they forgot to make the code to make it random, so now WannaCry was kind of stunted for any machine that had internet access. So he was called the WannaCry hero because he basically disabled it because of a bug in their code. Not only did he disable it, but then he started doing research and, you know, he tracked everything that

came to that domain and published it. So great stuff. He actually got doxxed because of that, unrelated, but he's like how old he is, but he lives in like the UK, lives with his parents, and does like freelancing stuff. You know, he's not like a big spender or anything. Well, he came to DEF CON last year, and literally the day that he left DEF CON he got arrested by the FBI, who claims he wrote the Kronos virus, which is used in banking malware. Now I don't want to say like whether he did or not, cuz I have no clue, I'm not really into the malware scene. But what happened, just because, you know, while he was in

Vegas, I mean, the guy lives with his parents in the UK, but he came and like, you know, did some cool Vegas stuff. Like, I would love to do this stuff. He rented a supercar and went to a shooting range. Literally, that's like, cost like 500 bucks to do that first thing and like, you know, 100 bucks to do the second. I mean, I know I'm from Texas so you can assume that like I've shot tons of guns, but I only shot guns twice in my life. But you know, when you're in Vegas it's kind of like what you do on vacation. And he posted these things kind of innocently. Well, of course then he got arrested

afterwards, and while he's arrested, can't see his phone, can't do anything else really. And what happens in Vegas can be publicized after your arrest. Some magazine, there's some news, internet news sites were talking about, this is WannaCry, this big bad, he was spending big in Vegas before he's arrested. We're not saying he's guilty, but I mean, wouldn't a guilty man drive a supercar? I don't really get the logic behind this, but it's what happened. And this isn't just limited to, you know, being arrested by the FBI. It can happen just because your name gets in the news. So I've always wondered, like, what if it happens to me? I'm a pretty

paranoid person. I feel like to be in InfoSec you need to be paranoid, because that means you have a low risk tolerance, and I've got a really low risk tolerance. So my risk stance is kind of unoptimized. Everything's kind of tied to my name and everything's there, and even my website has my phone number. It's Google Voice, but all that's public. So what if something like this happens? And this is a real article about a Michael West, lives in St. Louis, is like 40 years old, so probably won't be too confused with me, but actual pedophile in St. Louis has the same exact name, same initials as me. What if it was not a 40 year old in St.

Louis, what if it was a, you know, 30 year old in Dallas who maybe it was like a nightie, that could easily be connected to me even though it wasn't really me. That could just, you know, suddenly, you know, I've got reporters calling me, I've got people going to my parents and stuff. You know, you literally go to my Twitter, click on the website, and you go to my Facebook and then find my parents and then start messing with them. So there's really, I would say it's not an optimized risk stance. I'm paranoid but I'm also a pretty public person. So the current solutions, and the name of this talk, Sentry, or How I Stopped

Worrying and Deleting My Accounts, based off the Stanley Kubrick film Dr. Strangelove. So the current solutions are censorship: you can just like make sure you never post anything that could eventually become against you. You could compartmentalize stuff, so you know, if you're worried, don't make your Pornhub username the same as your Twitter username, kind of simple stuff like that. I mean, you can also do what I call become a hermit, and that just means either don't use social media or you just like go under a pseudonym the entire time. I mean, that's okay. Or you just make your account private. But I feel that most of the value of social media, the reason I love Twitter, is

because you can engage in conversations with people in the community, and especially in this security industry. So if you make it all private you're losing that benefit. And then finally what I just call nihilism, which is where you don't worry about it, which I'm guessing most of you probably fall in that category unless you're kind of paranoid like me. But I wanted to present a third option, because I feel like these aren't great, these are the situations where it's like no-win, like in Dr. Strangelove. So something different is called Sentry. So Sentry is an application I wrote that watches for certain criteria that you specify, so something like a tweet, a

trigger phrase, it's kind of like a safe word but the opposite. Or maybe one of your tweets gets a thousand retweets or more, or you specify it to ten or more or whatever, it's your threshold. Or maybe it gets a ton of likes or something, yeah, that could be unusual. You know, maybe you tweet a good joke and it just happens to go viral and tens of thousands of people are looking at it. You know, think of the Wendy's Twitter guy, like got two million retweets about chicken nuggets. And like, imagine it's making something simple like that and somebody blows up in your face. Some people may like that, but you know, that can bring a lot of

unwanted attention, especially if you're like me and you've got kind of a public stance. So what Sentry does, and it can also be tweeted, but also run by your own script as well, so if you have your own like weird scenarios about when this moon is in alignment with the stars, you can do that too. But it triggers a cascade of actions, and you can customize different actions for different criteria. Some of the things we can do is, for example, lock down your accounts, maybe set your Twitter to private, you know, turn off your website, so like nobody can, my website where I had my phone number and stuff, like just to make that go away

temporarily, obviously. And then, you know, if you don't have an option to like make an account private, like Twitter's got that, Reddit doesn't, you can't really make your account private except by deleting your comments, so I can do that too. That support's not quite in there yet, but that's an example of one thing we do. And finally we can just, you know, straight up delete accounts if that's the right option. Now I give the example of the gay furry account here. It's not because I have anything against furries or anything, but I know there are a lot of people, and the furries are a great example of fandom where there's a

different persona for the, like, they use like a private account, like not attached to their real name, like for the furry stuff, and then they have a personal account with the regular stuff. You know, maybe they just don't want to mix the public and the personal. But what if you're in a scenario where, like, I guess you could say [ __ ] hit the fan, and you like, you need to clear that link because maybe you're getting too much attention and you're worried someone's gonna go find this, maybe that'll be detrimental to your career, your life or whatever. So we can just delete that account if we need to. So the nitty-gritty of it: it's coded in

C#, but it's using .NET Core, which, .NET Core is Microsoft's open source version of the .NET CLR, so it runs on Windows, Linux, and Mac. Haven't really tested on the Mac, I could use some reports, feedback on that. But we basically configure with just some JSON, and it could be called by other scripts as well. We're using Selenium to actually automate websites when that's available, and then RestSharp whenever we need to do like a JSON API. And there's a simple example of one trigger. This doesn't include everything in the config file, that's pretty basic. You can see when it says Wing Attack Plan R, which is from Dr. Strangelove, and it checks my public Twitter, and when my public

Twitter, when it sees that's posted, it will lock my public Twitter, and then my sinful Twitter, maybe that's my gay furry account or whatever, it'll scorch it, which is what I call for like deleting all your posts, kind of like scorching the earth, and then it'll delete the actual account. So it'll just log onto Twitter for you and click delete. So let's do a quick demo of Sentry and what it looks like. The whole point of a doomsday machine is lost if you keep it a secret. In this case you might want to keep this secret anyways. But so we've got three Twitter accounts here. One, this is my regular account, T3hUb3rK1tten, and then we've got this random account

and this is just an account just to mess with and play around with so it doesn't like delete my entire Twitter history. This is just uber kitten com, and it's just got a couple tweets here, nothing really useful. And then we've got this other account, the sinful account, that's delete me senpai, and we're going to be deleting that one later. So we'll look at our config JSON right here, and we can skip through some of this. What we're gonna do is we're gonna trigger when the tweet contains at BSides Rochester. So we also have this in here, but I don't think we're gonna hit $10 or retweets. So what it's gonna do is it's just gonna check my main account

using the API. Twitter does have a great API, it's just not perfect for everything. For example, you can't delete your account over the API, so we have to scrape the webpage. But here it's gonna be checking for the API, it's gonna be looking for this string. It's also gonna be checking for these, but we're not gonna hit those. When that happens, what it's going to do is it's going to go to that uber kitten com, this second Twitter account right here, and it's gonna lock it. So we'll see that account, it won't be visible from the public. Then it's gonna go to my main account, it's gonna post a nice little

message, and then it's going to go to my website. And I don't want to take down my website right now because I do link it in the end, or else I would. So instead we're gonna take out sentry M list, right now it's 42 5.5 5 5, and let's assume that's correct, I know it doesn't go anywhere. I'll show how it changes just so you can show how you could change your root domain or www. So look it started. So we'll go to Sentry here, and I know I'm using Visual Studio here, but of course you can run it from the command line, but I like clicking a button. So several things are going to happen when

we do this. When it starts up, it's gonna load the services and it's going to start verifying them. Now it verifies them to make sure that they're all, you know, it checks the APIs, but there's really not anything to show there. And then it's going to check that it can log on with Selenium. Now since we're in debug mode we can actually see Chrome here, but in release mode it runs this headless so it doesn't actually show anything, but it's great for example here. So here it's just simply logging in as uber kitten com, types in the password, and then it verifies that it has logged in. And then there is a second Twitter account in there, that

delete me senpai one, and next, when it finally gets around to it, it's gonna start logging into that one and verifying it. You see right there, it's verified the API and that's verifying the web. And this verification process is just to make sure you didn't mess up in your config file, so you know that before you actually need this kind of thing. So next we log in as delete me senpai and we're set. And each of these Chrome processes is running completely separate, completely separate cookies, so you can have as many of these as Twitter will reasonably allow you to have, or as many as your hosts for action today. So now these ones are sitting here and we're starting the

main loop, and we also verified the Cloudflare. So what's happening is every 15 seconds, because of how this is configured, it's checking those two things, we are checking this criteria right here. So we're just going to simply say what's up BSides Rochester. That's gonna happen and we'll see how long it takes, should be about less than 15 seconds hopefully. Oh, it's already detected it. So now it's going to post a Twitter status, it's gonna update my A record, and it's going to lock this Twitter account. Fixie checks the button, types in the password, all right, there we go, and locked. So now we'll go over and we'll verify that. So we can see right

here, hey look, a tweet. Y'all can see I didn't type that, so that means it worked. And then this account, uber kitten com account, the one we wanted to lock, is now locked, so we can't see the tweets. Now you'll notice that it does still have the tweets there, so even if you lock it that doesn't mean the tweets are gone. So what can we do next? We have a second trigger here. You can have as many triggers as you want, as many actions as you want. And what we're doing is Wing Attack Plan R from Dr. Strangelove. That was the command they gave to send out all the bombers to nuke Russia. So here we're

gonna use that to delete our tweets and delete our Twitter account. So as soon as I type this again on that same account, and it doesn't have to be, you know, the whole tweet, it can just be part of it, it's gonna check my uber kitten account and I record one on that uber kitten com account, it's gonna scorch it, which, I said before, that means just go and delete all the tweets. Currently there's four, but I've tested it up to several hundred. Twitter has a rate limit of like nine hundred every 15 minutes, so it can go through pretty quick unless you have literally thousands of tweets, then it'll just wait after it gets rate

limited. And then we're gonna go to delete me senpai on the web interface and we're gonna delete it. Now Twitter kind of does the Facebook thing where you deactivate your account and then once you log in with the same username and password within 30 days it reactivates it. So if you wanted to implement this I would recommend using scorch first and then deleting it, that way you can make sure your tweets are actually gone if you really do want to get them gone. But we'll still delete that account. So now all we gotta do is tweet this fun little phrase, what could go wrong, and we'll go back over here and wait for it. Okay, so it's just, that was

just the output from before when I was running, and we're just waiting for that 15-second loop. Normally you'd have it longer than 15 seconds, but you know, in this case we wanted to do it quicker. So you can see right there it's deleting my Twitter statuses on that account, and here it's deactivating delete me senpai, sad face, goodbye, and delete me senpai, and it's gone. And so now if we go back over here we can see, well, it's this one tweet, but that's because what our twitter always says that. If we log in as that account, which we are right here, we look at the profile, all the tweets are gone even though we just saw them over there. And

delete me senpai, uber kitten's sinful account right here, where I'm just confessing distance unsavory activities, don't mind me, is gone. Now of course as soon as I log in again it's gonna reactivate this account, but I assume if you're deleting it you're not gonna want to do that. Or you may want to do that, I mean, if you want to delete your account just reactivate within 30 days, just don't take longer than 30 days or they will release your username. So that's most of our demo right there. Oh, and one more thing, we didn't show the change in DNS, forgot that one earlier. So here we've changed it to one three three

seven, so you can see it did update my Cloudflare records. If I'd set this to like my www or the root domain, it would have killed access to my website. That one's all working. We'll go back over here. So just a couple things. There's a lot of features in this, but there's also a lot of stuff that's still working to get in progress. The first one right there is called just [ __ ] my [ __ ] up fan mode, and we'll get in that next slide. But the current features: you know, we've got Twitter by the API and via the web, we've got Cloudflare to update and delete DNS records, and Pushover.

Pushover is a notification service. While that was all running I got a notification that Sentry has started, that this service has been triggered, the service has been triggered. And that's eventually gonna be used for multi-factor support. Currently can't do multi-factor, it's kind of tricky because of the way this is designed to be set up on a server somewhere. You don't want to give that your TOTP codes, because what if someone gets into that machine? And speaking of getting into that machine, what we're gonna do eventually is add Conjur support, so you can store your secrets securely and easily away from the computer where this is running on, so it'll call the secrets whenever it needs it and doesn't

actually have to store it in this plaintext JSON file. But you can see, like, I've got this one over here and then I got a clean one here where all the secrets are removed, it's just gross and nasty. So that's coming away very soon. But next up we're adding multi-factor, Reddit, and email, because I get a lot of requests for making this a deadman switch. Now eventually this is gonna be clustered, so you can have like dozens of these programs running on different machines and they'll all play nicely in figuring out who should do everything, so that way if, you know, something goes wrong or Internet's blocked or something, they can still work. But that makes a deadman switch

kind of tricky, because now you've got like 30 machines that are all gonna be pinging you asking you, are you around? So there are other services that do deadman switches, and pretty simple, just gonna integrate with them by email. They can send an email when you don't respond. So if you really do want to have like a, I haven't responded in 30 days, so email, and then have this thing actually go and delete your account, or you know, you can use the calling it just by yourself mode. Speaking of which, just [ __ ] my [ __ ] up fan mode. So this one is pretty great. It's great for testing, it's also great for just automating. What this will do is

just, it'll run every action configured. So in this case, that config file, if I ran it with this, it would go and post on my Twitter account, it would delete the delete me senpai, it would lock the uber kitten com, it would delete all the tweets on uber kitten com, and it would just basically do all that, ignoring any kind of trigger. So it's great if you want to run it from your own script, and you can just pass in your own config file or just some JSON. So just put some JSON together, call it this, so that we can just run, you know, you don't have to deal with the using Selenium and stuff

if you just want to like lock your Twitter account because you ran a Python script, go for it. And then Conjur, which I mentioned, just want to get into a little bit. It's by my company, it's open-source, they can basically store all your secrets somewhere else on an encrypted server and then authenticate requests for that. This is what it's gonna look like, but I still have some trouble because .NET Core is a little bit funky, so you know, I have to actually convert the API that they use to .NET Core. I'm still working on that. That's what it'll look like eventually, so then your config JSON will be clean of secrets. So the code, you can

get to it there on that GitHub link, and if that's kind of hard for you to type you can go to end of est watch github, a little bit easier to remember. And me, I'm Michael West, Uber Kitten as I mentioned. Here's what it looks like on GitHub, and so we've got some features, but here let me go over what it looks like to build and run it. So building: I highly recommend at this stage right now you have a little bit of programming experience, it doesn't have to be a lot, just to kind of troubleshoot and see what's going on. I'd recommend building it yourself, because you really want to trust random DLLs from someone on the Internet to

handle all your accounts and stuff? I just built it like an hour ago and uploaded it. But you know, Visual Studio has a free Community edition so you don't have to pay for it anymore, and you can run .NET Core apps. If you just want to run it, or maybe you build the binaries yourself and put it on like your Linux machine, then you can just install the .NET Core runtime, grab a ChromeDriver, for Windows there's one included, for other machines it's just as simple as going to this link right here. And then simply it's just dotnet sentry DLL. .NET Core is kind of funny in that everything is like a DLL file and

then you run it with dotnet, the command itself. Make sure to have to edit that config file. There's an example config file that has literally everything supported, which is kind of overwhelming, but there's a lot of stuff in here, for example here, so we can change the Cloudflare with the red X's. But once you edit that, other things: it has an integration with NLog, so all this stuff is actually at the info level. So NLog allows you to configure, like say you can set errors to go email you, so every time this has an error it can email you the whole exception, everything that's going on, or maybe you can have it go into a

log file, text file, and have it rotate. NLog is just like a super configurable way to set up that logging. The other thing is make sure that if you have trace enabled that you keep it secret, keep it safe, because trace level includes your secrets. And then finally, you're still working on that multi-factor support, so when you run it in debug mode like I did here it does start up a server, doesn't do anything yet, should have put that in a branch, oops. Oh well, that is Sentry, and there are the links. If anybody has any questions or thoughts or feedback, I would love to get some feedback on what are services to add, because for me it's

like Twitter and Reddit, but I'm curious, what is it for you guys?

don't, oh [ __ ], huh. Cool, they used to work, unless you're broken it sometime. Well, I guess let's have to go the hard way and type out the whole T3hUb3rK1tten, or just search uber kitten. But any other questions in your feet, comments or feedback? Awesome, let's get you guys to that keynote. [Applause]