Camp 2011 - Version 1.4

Chaos Communication Camp 2011
Project Flow Control

Jayson E. Street
Day Day 2 - 2011-08-11
Room Baikonur
Start time 16:30
Duration 01:00
ID 4488
Event type Lecture
Track Hacking
Language used for presentation English

Steal Everything, Kill Everyone, Cause Total Financial Ruin!

Or: How I walked in and misbehaved

This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on.

They say one picture is worth a thousand words I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive I also make sure with every attack I highlight. I spend time discussing what would have stopped me. We need to know the problems but we need more talks providing solutions and that is what I hope people will get from this. I show the dangers of Social engineering and how even an employee with no
SE experience can be an eBay James Bond which can cause total financial ruin to a company. These Security threats are real. So are these stories!

I talk about how there is only 1 fact that should concern a business I am GETTING IN! No need to discuss defense we are way past that!

I discuss the 2 rules I operate under "I aim to misbehave" & "Let's go be bad guys" notice nothing about audits or PCI, HIPPA or Gramm–Leach–Bliley Act I
just want to do as much evil as I can get away with and what causes you the most harm I could care less if you are 'compliant' on anything.

Those 2 rules gives me these 3 outcomes which I discuss in depth.

  1. Steal everything I show with actual pictures how I could steal purses, backpacks, cell phones, cars, laptops, etc? I also provide a real world story from the news showing it is not theory but known practice of thieves.

  2. Kill everybody I show pictures of mechanical rooms that I was able to get in. Pictures of the fire suppression and alarm systems I could have turned off even a video of me walking into the back of a hotel going to their hazardous chemical closet that was unlocked and then walking unchallenged through the kitchen where I could have used those chemicals to poison all the food and also start a fire with them. I also provide a real world story from the news showing it is not theory but known practice of killers and terrorist.

  3. Cause total financial ruin I will show offices of VPs and CEOs that I had access to and where I would have been able to steal company secrets and actual formulas that are the livelihood of the companies I breached. I also provide a real world story from the news showing it is not theory but known practice of corporations.

Countermeasures With every outcome I provide the ways I could have been stopped and things that should have been in place that would have prevented me from carrying out any of these attacks. Some of the defenses are the same for everyone though once again defense in depth is what could have saved the day.