In the run-up to the Security BSides San Francisco we are featuring a few of the many fantastic sessions on the schedule, with the first two speaker interviews looking at Craig Young’s A Day in the Life of a Security Researcher and Ken Westin’s Telmex Email Security Hole – My Email was Indexed by Google, both of which will be on Sunday, February 23, at the DNA Lounge.
Next up, we’ll look at a session being delivered by Lance Cottrell (@LanceCottrell) titled Using System Fingerprints to Track Attackers, which is scheduled for Monday, February 24th at 3:00 p.m. PST.
Cottrell is the chief scientist at Ntrepid Corp., and is best known for founding Anonymizer Inc. in 1995, Mixmaster anonymous remailer in 1993, and as the principal author on multiple Internet privacy and security technology patent applications.
He is an internationally recognized expert in cryptography‚ online privacy‚ and Internet security, and is a frequent public speaker at conferences such as the RSA Security Conference, Computers Freedom and Privacy Conference‚ the Organization for Economic Cooperation and Development in Europe‚ and at ISS World.
Cottrell says his main focus for the last twenty years has been on designing and operating online anonymity and pseudonymity solutions for consumers, corporations, law enforcement, and others.
“I created anti-censorship platforms for the Voice of America in both China and Iran, protecting the activity of hundreds of thousands of people,” Cottrell said. “In many cases, users of my anonymity systems are literally trusting their lives to my tools.”
In the course of creating these solutions, Cottrell has made a detailed study of the tools that can be used against them, noting that most adversaries are not dumb enough to attack from their own IP addresses and instead use various kinds of anonymity technologies, which is the basis of his BSidesSF talk.
“These technologies all leave clues that can be picked up by a defender,” Cottrell continued. “If a visitor to a website is known to be doing so anonymously, and that is highly inappropriate for the service in question, then the defender can instantly and automatically alter their posture to better defend themselves.”
Cottrell says that trying to defend networks with a one-size-fits-all plan has been demonstrated to be ineffective at this point, and that it is important to be able to adjust a security posture based on all of the available information.
“I argue that use of anonymity technologies is one of the most important indicators in many cases,” Cottrell explains. “For example, if a person is trying to log into an account where they have already provided a real name, address, payment and other information, for what legitimate reason would they ever try to do so anonymously?”
His BSidesSF talk is primarily directed at anyone with the responsibility for defending IT assets from attackers, and will lay out several specific techniques that a defender can implement to recognize anonymous visitors, as well as a set of possible responses which could be implemented when appropriate.
Fortunately for us, most of the landmines lay on the attacker’s side of the equation rather than the defender’s, Cottrell says, and he will be discussing some case studies detailing really smart attackers who still got caught because of simple human error.
That said, Cottrell believes there are still many challenges, as anonymity and countermeasures are an active and ongoing cat and mouse game.
“Cloud services are providing more and more ways of launching and obscuring attacks, while at the same time defenders have access to ever more sophisticated tracking and fingerprinting tools to undo those efforts,” Cottrell said.
“This combines with trends towards greater government control, censorship, and surveillance around the world and the countervailing increase in the use of anonymity and other circumvention technologies.”
- Lessons Learned from the OpenSSL Hack
- Target Data Breach: How to Perform Early Detection of a Distributed Attack
- Leveraging the Windows Registry in Digital Forensics Investigations
- Free Computer Forensic Tools for Data Mirroring
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
Title image courtesy of ShutterStock