*White Hat Anonymity*: Current challenges security researchers face performing actionable OSINT

“White Hat Anonymity”: Current challenges security researchers face performing actionable OSINT
Christopher R. Barber, CISSP, C|EHv7
Threat Analyst
Solutionary Inc.
Security Engineering Research Team (SERT)
Introduction
• Member of Solutionary’s Security Engineering Research Team (SERT), specializing in threat intelligence and analysis
• Research and discovery of emerging threats and vulnerabilities
• Use of Open-Source Intelligence (OSINT) techniques for tracking threat actor activities
• Analysis of threat landscape trends monthly and high-level analysis annually
Outline
• Challenges
• Establishing Anonymity
• OSINT Tools and Techniques
• Sources
• Information Sharing
Challenges
• Anonymity Challenges
• Source Information Challenges
• Intelligence Sharing Challenges
Anonymity Challenges
• Security policy prohibits the use of third-party VPN providers and access to the Tor network
• Lack of funds, resources and personnel for the development of secure anonymous channels
Source Information Challenges
• Large volumes of information from a diverse collection of sources
• Being able to discern between valid information and injected disinformation
• Personnel and resources
Intelligence Sharing Challenges
• Conflicts between organizations due to differences in security policies
• Lack of security at a collaborating organization creates a pivot point for compromise
Establishing Anonymity
• Having an unknown or unacknowledged name
• Having an unknown or withheld authorship or agency
• Having no distinctive character or recognition factor
• Being able to gather information in a manner that does not reveal your personal, professional, or organization’s identity
Digital Paper Trail: The breadcrumbs left as we traverse the cyber domain.
• IP Address
• User Agent
• Cookies
• Behavioral habits
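The trail these four items leave can be reconstructed from ordinary server logs. As an added example that is not part of the slides, the Python below parses constructed access-log lines (the IPs, cookie values and timestamps are made up) and shows how a reused cookie and user agent tie together visits made from different IP addresses, and how visit times expose a routine:

```python
import re
from datetime import datetime

# Constructed web-server access-log lines (not real traffic): combined log
# format plus a trailing cookie field. The visitor moved to a new exit IP
# between visits 1 and 2 but kept the same browser, cookie and 02:00 routine.
LOG = """\
203.0.113.7 - - [12/Mar/2013:02:14:03 +0000] "GET /forum/thread/42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0" "sid=ab12"
198.51.100.23 - - [12/Mar/2013:02:15:41 +0000] "GET /forum/thread/43 HTTP/1.1" 200 4872 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0" "sid=ab12"
198.51.100.23 - - [13/Mar/2013:02:16:09 +0000] "GET /forum/thread/44 HTTP/1.1" 200 4711 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0" "sid=-"
192.0.2.55 - - [13/Mar/2013:14:02:00 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/25.0 Safari/537.36" "sid=zz99"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d+ \d+ '
    r'"[^"]*" "(?P<ua>[^"]*)" "sid=(?P<sid>[^"]*)"$')

def parse(log):
    """Return one dict per line holding the breadcrumb fields: ip, ts, ua, sid."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the expected format
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(e)
    return entries

def link_visits(entries):
    """Merge IPs that share a cookie or a user agent into one visitor set.
    A VPN or Tor exit only changes the ip field; a reused cookie or browser
    string still ties the new IP back to the old one. Largest set first."""
    groups = []  # each group: {"ips": set of IPs, "keys": set of linking keys}
    for e in entries:
        keys = {("ua", e["ua"])}
        if e["sid"] != "-":
            keys.add(("sid", e["sid"]))
        merged = {"ips": {e["ip"]}, "keys": keys}
        for g in [g for g in groups if g["keys"] & keys]:
            merged["ips"] |= g["ips"]
            merged["keys"] |= g["keys"]
            groups.remove(g)
        groups.append(merged)
    return sorted((frozenset(g["ips"]) for g in groups), key=len, reverse=True)

def visit_hours(entries, ua):
    """Behavioural habit: the UTC hours at which one browser profile appears."""
    return sorted({e["ts"].hour for e in entries if e["ua"] == ua})
```

Changing only the IP address (the field a VPN alters) leaves the other three breadcrumbs intact, which is why a fresh browser profile and cleared cookies matter as much as the network path.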
Anonymizing Service Providers
• Private Internet Access
• HideMyAss
• BlackVPN
• IVPN
• AirVPN
• TorGuard
Anonymizing Virtual Machines
• Whonix
• Tor Middlebox
• Tails VM
Whonix
Tor Middlebox
• Works as a proxy between the host machine and VirtualBox
• Routes all VM traffic through the Tor proxy on the host machine
Tails Virtual Machine
Open-Source Intelligence
• Collection and analysis of information gathered from publicly available sources
• Sources involve any form of electronic or printed material available in the public domain
• Intelligence is obtained through the statistical analysis of the occurrence of, and relationships between, pieces of information
Tools and Techniques for OSINT
• Collection Tools
• Search Engines
• Social Media
• Intelligence sources
Collection Tools
• Paterva/Maltego
• Recorded Future
Maltego
Recorded Future
Search Engines
• Google Custom Searches
• iSeek
• Addict-o-matic
• Shodan
Google Custom Search
iSeek
Addict-o-matic
Shodan
Social Media
• Facebook
• Twitter
• Google+
Dump Sites
• Pastebin
• Reddit
• AnonPaste
• PirateBay
• Zone-H
• Pastie
Honey Pots and Nets
• Provide an automated method for distributed traffic analysis
• Provide early signs of malware or botnet activity
Intelligence Sources
• Cyber War News
• The Hacker News
• Darkreading.com
• FirstHackNews
Shared Intelligence
• Intelligence Sharing Organizations
• Intelligence Assimilation and Sharing Applications
Intelligence Sharing Organizations
Intelligence Assimilation and Sharing Applications
• Structured Threat Information eXpression (STIX)
• Trusted Automated eXchange of Indicator Information (TAXII)
• Common Attack Pattern Enumeration and Classification (CAPEC)
Intelligence in Depth
• Intelligence research and analysis should be practiced with the idea of “defense in depth”.
• Valid and actionable predictions can only be made with the collective analysis of multiple sources.
Solutionary’s 2013 Global Threat Intelligence Report
http://go.solutionary.com/GTIR.html
Solutionary Minds Blog
http://www.solutionary.com/resourcecenter/blog/
Thank You
Questions?