PG - Broken Arrow: The Enemy is Inside the Perimeter - Will Baggett

thank you I know we're on the clock I have a lot of material we're going to cover in a short period of time Murphy happened with a projector yes that ever happen they all happened just now so in the 1960s in the Vietnam conflict when a position was overrun the u.s. targeted screamed of call Romero use the microphone they would use the command can hear me out all right thank you yeah we get smoother from here they would screen the command Broken Arrow asking for help from any and all available resources in the area even something as small as a snus assessment overhead could spot the advancement of Henle troops so our guys gonna get out

safely recent that ties back into this desktop has become fix my situation we're not rebuilding desktops for anymore we're not putting in Pentium to spending threes we're not putting in graphic cards it's my ex knows where my text messages are my ex knows what I'm doing all the time they're able to see my emails how is this happening urine you just came back from DEFCON you came back from these sites can you help me of this and as I've talked to folks prepare for the presentation every single one has said yes somebody's approaching for this exact type of request in its own nature we want to do something we want to be able to provide the help to these

people that say even finally have 10 minutes I can at least give you a triage to start to mitigate the hemorrhaging of the danger if you don't have much time or if you don't really want to get involved the situation Christopher Cox is a fantastic resource at go ask rose calm there's another book the smart girls guide to privacy both are fantastic resources forever just a limited interaction his he said on will baguette former CIA officer and current digital counter intelligence instructor in Europe it's actually weird sitting online though a former banker fraud investigator and I've learned that bringing all these together the digital counterintelligence the fraud investing and the operational security into a domestic situation whether it's an

abuser situation a bad breakup whether it's you or someone else will just call the adversary it's a one-size-fits-all term and as we go through this we'll take the information security principles of data availability data integrity and data confidentiality to make that cool CIA triad and we're going to rebuild it to make it control the environment watch for identity theft and data availability the most important of these three is to control the environment if you don't control the environment your perimeter at your data reporting identity theft and having a backup copy of the one driver shows something horrific happen at home doesn't matter and from this we've got personal security data security and family disclosures well

touching all three of these in a minute the most important thing though if you are in a bad situation or your person is a bad situation you get them off the edge you get them out of danger you provide somewhere for them to go you call the police they don't have to stay in the situation we have a meeting oversees the operations officer met with an asset it went south and we were doing post feeding analysis back in the office and the station chief said no bad situation ever got better by sticking around that same model can be applied to the domestic front as well it's not going to get better make a choice to get

off the eggs to get out of danger and move on a couple of suggestions if you want to get off the X you have a bug-out bag packed ahead of time let's see some people nodding so I would keep your electronic devices with you your credit cards your ID whatever that might be before you live copies are your computer and your phones but is there stock or are all these devices now avoid us Veronica yesterday in the dryer run you might want to consider keeping a prepaid cell phone and prepaid credit card somewhere else off-site so even if you did leave the environment you have a back-up plan with your contacts in there so you have

somewhere to go and then the question comes but what if they leave and this is more of they've left you're in the house you're gonna be a part of the condo whatever first things first you change your passwords and it don't just change your passwords you call the locksmith we've got a lock pick village out here locks aren't that difficult but legally if somebody breaks it a lot when you've changed the locks and you've left the premises the law enforcement is going to respond differently to that then someone just letting themselves back in the house and teacher to write your loan access frequency a lot of people just have it button on your car push the

button where I chose a lock here into the house so you'll want to change that and not even that there's some garage door keypads that have the reset code on the flap so if you forget your passcode you just follow the steps right there and you can reopen the garage door that makes no sense it's very helpful if you forgotten your code but if you don't want someone to come in your house security questions so the locksmiths other way you have a known safe machine we just want us in here for the speaker at all we have a safe machine change your passwords and your security questions but it's okay to lie online you don't have to use honesty when you

have your security questions because the adversary knows the answers so why about things where's your favorite place to go on vacation you might have got somewhere that was terrible but that lie about information what was your first car 1984 Plymouth station wagon Chevy roadster right laia that fence where did your parents get married Botswana I don't know something other than the truth that can be found on ancestry.com Winston Churchill said the truth is protected by a five yard of lies that applies in this situation as well there's no shame in lying to protect your digital privacy on all of your accounts so the next thing I do is gum up get on my Wi-Fi router change my

password and while I'm there I'm going to look to see if there's any other root access to vices on the machine is your Wi-Fi camera in the house is there a bug is there a listening device first thing take a screenshot if there is then disconnect access and the last thing I wanna do is keep a copy of the Wi-Fi router logs this audience probably doesn't most people keep their cellphone saying their true name cellphone their true names I found their trains Android so if you have persistence coming into the house of the adversaries buddy and then you see the device showing up on the network for the road camera well that starts with some evidence you can

use down the road right now you're the only person with its information we're going to talk about how to save this and legal disclaimer I can't begin to show you how to click the Wi-Fi router logs it every model out there so for perpetuity look it up on your own but this is just a marker for when people look at the presentation later remember to look it up to save your log then we'll keep it off-site okay no Wi-Fi routers change the locks don't swap around the house on my iPhone on that guy for good for bad in front of a crowd it didn't work I work fine at home performance issues I would go to my

settings Apple ID settings and down here when you're online you can see the number of places your iMessage traceur sync so my messages are here on my Mac Pro and my older Mac Pro so I get dropped copies of my messages here here and here that's great for me I then multiple people will come in and say my ex knows what I'm doing and just these two steps we'll look we'll see it's her iPhone and then her ex-husband's iPad her ex-husband's iMac we take a screenshot for evidence and then we disconnect them very simple it's not high-tech hacking it's common sense so over here find my phone nebulas iPad nebulas iPhone X and natal is ipod

touch nebulas MacBook Pro same thing you've now got to speak and walking around with you that the adversary can see where you are and what you're doing turn it off disconnect it next thing I do is make sure to share my location is off family sharing is off you don't need to share your notifications your updates your foes with the myriad of Apple devices out there right now just keep it turnoff if you're on Android video your recently used of Isis and all scroll down the list and see where your login with your Gmail account the same principle occurs with your messages there take a screenshot if you find your to by your messages are somewhere they

shouldn't be then disconnect them and I think Google is a little bit more sensitive than Apple in that you've got Google take out show handsy by Chloe if Google take out it's a log of everything you've done since you open your Google account every email sent receive deleted draft Wi-Fi location map location everything and once it's gone it's gone so if the adversary has access to a shared computer they download your Google takeout they have everything so we'll turn that off Facebook some people for Facebook I hear it's a social media platform we'll go to account settings security active sessions where else my logged into Facebook Facebook is very invasive where they want you to have data being shared

so you're always connected take a screenshot if it doesn't look right and there's one particular function a Facebook that would be damaging in these situations it's your call data records I believe it's t-mobile and Verizon keep records up to three days of your SMS content no other the u.s. cell phone provider does Facebook though keeps your entire all data history SMS history to include your content for at least up to a year and that's something if they have access to this they've got the full body of life for what you've been doing so you'll want to make sure that's turned off and just to give you an idea of what I'm saying change paths or its how easy

it is it to recover if you have a Matt you open keychain I've got infused 2017 here's an example click on the Wi-Fi password well come over here click on show password we'll put in our system password if the shared machine they know what it is right there in clear-text the password for infuse 2017 was guidance methodologies rinse repeat for your Gmail your Twitter your LinkedIn wherever you've saved this password it's going to be readily available for clear text recovery so you want to make sure you delete it in a high safe persistent and thorough a neighborhood bought a 65 inch Smart TV I bought it off Facebook marketplace and she found that Netflix and Amazon was still logged in by the

previous owner persistent and thorough we talk about risk of family and friends if you're removing your digital footprint online and your family and friends need to know not to put your information online so that you're being seen in track Oh Benny went down to this restaurant sure nice for this well now your stalker knows where you are just starting to control your data here risk durian doorbells the ex can see who's coming and going from your house unless you remove the password Amazon Alexa it records every time you'd ever said hey Alexa it's got the data before the data after so they can watch when your other person comes goes from the house they can hear all the conversations around

the hey Alexa and not only that if they still have access they can disable your smoke detector disable your burglar alarm that was the plot line for CSI cyber back in 2012

financial risk if you're going through this conflict turn off your Amazon chair to kill so that they can't rack up your credit card charges rub the deplete your debit card because you're still connected together you have implied approval we still haven't touched game thing that works with forensics or any coding this is all just do we driven very simple steps to take on a Windows machine just stood a view printed file and now whatever they've done you can see the files they print out before they left or conversely if you leave a printer behind they can see the data you've been praying to plot your escape on the Mac you've got a bar full cups and the files that start with

D this one over here the D indicates it's a PDF can be recovered and the ones that start with C their metadata is still available you're in a strengths command against that and you can see that this one file that was friend was a world market ok great however what else is through here and if I run something like a disk drill program to recover the deleted files what else is there it's a track show of hands he might hurt a superhuman it'll couple people and allows you to see when the user opens the email geographic location and the IP and the number of times they view it so if you're fleeing the stalker they enable superhuman we can see if we

need open that if you couple that with ducks in for Outlook I can see how many times you've opened that PDF the number of hours you saw the PDF that sections you skip so if you're going through a legal battle I can know how many times you open the email or you read it what sections you worry about what six and you're glossing over there's our simple risk mitigation print it work with paper another thing to consider is the man-in-the-middle real-world addition inform delivery by the post office if you have the right credentials like living in the stair chair house to somebody you can see PDFs and JPEGs of all the incoming mail so if we know

you're getting a check because I got a PDF saying you're getting a check from the bank I know to open the mailbox on exactly take the check out take the bank statement out though the attorney letter out you've never received it so you know the post office talked to the postmaster very simple navigation just be aware that it's there as far as tracking shared calendars if you sign for something like a trip it travel managed app or your confirmation number your travel itinerary is shared out to the world if your ex was part of that getting this information so if you book a trip Delta comm since this to trip it you're now going to have this shared out

to the ex make sure that's turned off Twitter spoofing okay so 20 from South Africa Belarus Hawaii kingdom of saudi arabia moscow dar Salam that's great that's obviously think I didn't travel that far tweet but but it is true from Kim Fowley comm is the thing you've got on using I'm using an icon so you signal you store the drug is right but if your devices are compromised with something like flexi spy calm and your attackers getting all of your data use personal meetings leave the devices behind have nonverbal paroles range of family members putting itself yourself on facebook with a red shirt might indicate to your friends and family that you need help to get out of situation immediately

that would be something peering into for time so does anybody ever introducing a bug installed in the house its Murphy and I'm running out of time it's a great video so me a lot [Music] put the SD card in cover the SD card camera microphone connected to power now you have your own personal bug in the house the good side is you've got a tree at collection power and storage if you're going to constantly broadcast and collect data like this 1080p fellow that broadcast over Wi-Fi to the cell device when it needs constant power for its mitigation to unplug it call the police at you ring bug the 720p air freshener runs on batteries SD card Sammy asset

physically collected sync to the you know speed drive that's actually microphone what would come and go from my house if the kids a nanny cam because some mom's house every two weeks it's children surfs mom she's all of her passwords keystrokes observed by the bear goes back to Dad's house SD card comes out and now you've got a mobile listening device in the house sorry I get it this is too much I'll order a pizza even Domino's has your current location your password your credit card and your new phone number so when I say change all the passwords I mean all even the low-hanging fruit so they've got closing companion contact to you there's a high

risk of identity theft at this time for opening accounts in your names the government has a great thing called IBM e v gov it's very binary AP identity theft you log on on a clean machine you report it you get an incident number you're able to use that so that you have data availability you don't have the implied consent because if it ain't documented in eight you have to report things as they happen so if you have the bugs in the house if you have somebody watching you monitoring you report it to the police report it to the authorities or report this keep your data you'd have the only copy to see in the world

so think pace primary alternate contingency emergency the primary goes to an attorney back up might go to the safe deposit box another copy goes to work and the last one that you want to work with at home that's great if something happened to home you've got three other copies stored somewhere off-site in conclusion you want to be firm friendly final and fair is you approach this process and help the other personnel we have the stigma of being hackers if we do something like try to get that someone's account the law probably won't favor us because it's what we consider our capabilities do the right thing help them get off the eggs cleanly so that they're not being stalked and you're not

putting yourself at risk by doing something that's unethical the too long didn't read version change your passwords change your locks report everything to law enforcement and document events as they happen we've got two minutes for questions find it out is there any organization that works with people to help them go through this process podium go ask rose has Morgana's or more links to this yes I came in a little bit a little bit late so I might have missed it but did you talk about password reset questions else is gonna know why why about your location why about life events lie about intent just live they don't have to be accurate yes ma'am

so I volunteer with the Public Library System and I work with a lot of people who are in situations like this and they also have like social workers who hang out in the libraries to help people with this and a lot of times you know I have I don't have a system as nice as yours but I try to talk to them about these things and I just get that look of panic like totally overwhelmed like oh my gosh iPhone settings where do I even start like it's so overwhelming for them do you have tips on how to pass that okay yes the presentation will be available for that fabulous thing thank you for what you did that's amazing

one more question so actually it's sort of along the same lines as hers is there by any chance a single page handout to for example put to make available in counseling services like at my school or sometimes they'll have things like the domestic abuse of violence awareness business cards please grab one is there a very small small classroom I'm sorry yeah again go ask Rose they have all those resources Chris has done a fantastic job all right let's give it up