Dailydave mailing list archives

Re: The Game / ISS SCADA talk


From: Tom Parker <tom () rooted net>
Date: Mon, 30 Jan 2006 20:50:15 +0000 (GMT)


Although I'm a Brit and therefore naturally charming (therefore not
needing such material;), a number of friends who I go out with on a
fairly regular basis have read The Game, and now swear by it. As
much as it pains me to say - it all works awfully well. Check out
the tic-tac-toe trick.

Just a few quick thoughts about the ISS ppt (I didn't stick around to
see the talk)...

1) When it comes to looking at this from a technical POV, I think
they're at least somewhat on the ball; making the point that most
SCADA kit can be popped using legacy techniques and that a 'real'
attack from a nation-state actor would not necessarily leverage
an 0day.

2) Their case for credible threats against SCADA systems diminishes
from there on... They admit that they have no visibility into the
nation state (or 'al qaeda' as they cited in their slides) - so
why try? As my co-speaker noted in my talk earlier in the day, it's
very easy to play the blame-bin-laden game and ignore the other
potential actors which also fall into the nation-state bucket. I
think (and again, I didn't see the talk, so apologies if I'm not
giving due credit here) that the ultimate shortfall of this is
attempting to anticipate an unidentified and potentially non-existent
adversary, through the interpretation of a limited amount of data with
a western mentality.

Their concluding slide attests to the feasibility of 'cyber terrorist'
attacks against SCADA systems, through the use of limited skills. Well
sure, let's assume that's true. But who is to say that they would
have the know-how to operate the SCADA system on compromise (and the
number of other factors that might be associated with the ultimate
objective being a success)? As a topic, I think it's a whole lot
more convoluted than people think once you scratch the surface.

3) Did they get permission to reproduce that Simpsons screengrab ;>

-Tom

On Mon, 30 Jan 2006, Dave Aitel wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Recently I read a book called "The Game" which is a discussion of the
psychological techniques pick up artists use when trying to approach
groups, which they call "sets". Most people would find the book just
full of funny anecdotes and insane ideas, but as I am impressionable
by what I read to the point of being feeble minded, I spent BlackHat
with phrases like "AMOG" in the back of my head at all times.


To sum the theories in the book up, you pick up a woman by becoming
the alpha male of whatever group she is a part of. In other words,
picking up women is not about the woman, it's about you and your place
in society. They've documented many techniques for manipulating
situations to become the alpha male of a group and named them all
silly names. And, of course, this is BlackHat in a nutshell, since
there's so few women at security conferences (not including Microsoft
recruiters) that the last conference I went to they had to go up on
stage and apologize for having no idea how to speak to Joanna politely.


So after becoming burnt out on information security talks, I sat at
the back of BlackHat Federal 2006 and cataloged a few of the more
common AMOG techniques. For example, David Litchfield uses
commercial-grade "push-pull". Halvar opens sets with false time
constraints. I was giving my best shot at the cocky-funny technique.
Dr. Linton Wells has a sophisticated wingman pattern going on. Always
good to see people's games in real life. :>


You can buy "The Game" at your local bookstore. It's the one that
looks like a bible that lots of dudes have flipped through before they
thought about how they already knew everything there was to know about
the subject. Myself, I always felt cheated this kind of material
wasn't in the Psychology and Sociology texts. If you're too lazy to
read paper, you can read about all the wacky theories on
fastseduction.com. If right now you're thinking "but I'm married" then
email your wife and ask how she feels about being seduced. As
Earthlink's kung-fu anti-spyware team would say, "Two fives makes a
ten". Whatever that means. :>


The point is: Get over the fact that these people are losers and just
learn what they know. It's like what the Feds with their 2.5 children
and houses in the Maryland suburbs think going to Defcon.


With every conference I go back and examine the talks I saw and what
surprised me in some sort of note, and this is that note.


First of all, I expected to find Johnny Long not as funny as I did.
But his volunteer talk on "Hollywood Hacking" was quite amusing.


Billy Hoffman's talk on web application worms was fascinating. Who
would have known that XSS was on some sort of "edge"? He needs to
learn to speak slower though so those of us without a slow-time bubble
can parse his speech in realtime.


John Heasman's talk on ACPI bios rootkits has gotten two reactions.

1. Hoglund, myself, and others who like to write rootkits loved it.

2. People who don't like to write rootkits cited the versioning issues
and general level of difficulty as being reasons this isn't worth
worrying about. (Phew! :>)


Adam Shostack won the award for best question at the keynote for "And
how exactly do you plan to scale up your process for analyzing all
that source code you're collecting?" He's in some stealth-mode privacy
company now.


Joanna demoed a quicky kernel backdoor that evades all current
detection tools and pointed out that reading kernel memory is not
trivial in Windows. My favorite Joanna quote: "Hiding a process with a
rootkit is a waste of time." Basically, not all rootkits need a
process. It's a service you can OFFER as a rootkit, but one that makes
you a lot easier to find.


And of course, Halvar's talk was great. It was good to see him nervous
and out on the edge of his stuff again.


As for my talk, updated slides are on our web page now, and we've
thrown a flash movie of the preliminary demo of our VisualSploit
project up at http://www.immunityinc.com/resources-papers.shtml.
<http://www.immunityinc.com/downloads/vsploit_demo/>


In other news, the Immunity Unethical Hacking class is full now
(sorry), but we'll have another one in late May if you missed this one.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFD3lF7B8JNm+PA+iURAjESAJoCip4UIVDnpdvWEKiF/GcCa2VgDgCfRPao
siGW0Ip7dZhKogu3FWi2GpE=
=66h8
-----END PGP SIGNATURE-----