Best Reports at PHDays IV: Surveillance, Hacking and Nation-Specific Cyberwar

Big conferences with multiple reports delivered at once seem to cooperate with the Murphy's Law — the most interesting (personally to you) sections have the same schedule time. Choose one of them — miss the others. What can you do?

As to the international forum on practical security Positive Hack Days, this problem is easy to solve — watch the report video records. It is particularly valuable for those who missed the conference. All the video files are on the website phdays.com/broadcast/

Yet watching all the records made in all the halls during two days is an option for extremely patient people. It is far more logical to filter them by topics or authors: first, read the descriptions in the program and then choose a particular report from the video list.

Still, do not forget the reports were described before the conference, when nobody knew how interesting they would be. What if only the title is cool and the contents are dull? This is the reason we suggest the third method — by popularity. We have analyzed the feedback of the PHDays participants and picked ten fanciest reports. Here they are:

1) Big Data on Social Networks: No Need for NSA’s Special Surveillance to Keep Track of You

Igor Ashmanov, a specialist in artificial intelligence, started his report with a declaration that he was not interested in information security and got to the conference by accident. Still, he told so many fascinating facts on how to study people using social networks that the audience did not let him go for the whole hour after the report was over. The most Internet-cited are the slides related to "Navalny's band" and the rating of liberal and patriotic media based on the analysis of Twitter and Facebook reposts.

2) Life After Snowden. Modern Tools of Internet Intelligence

If Mr. Ashmanov used social networks for generalized researches, then Andrey Masalovich, Head of Competitive Intelligence Sector of the Academy of Information Systems, demonstrated techniques of more targeted private-data collection. The Pentagon showed many of these examples on its website. The most cited slide is passport scan collection by simple search on Vkontakte.

3) How to Intercept a Conversation Held on the Other Side of the Planet

Sure enough, publishing phone conversations of well-known politicians is very trendy nowadays, thus the report title is not accidental. Dmitry Kurbatov and Sergey Puzankov, the experts at Positive Technologies, spoke not just about tapping, but also about other SS7 features hackers widely exploit: DoS attacks, fraud, money transfer, SMS hijacking and determining subscriber’s location without its consent.

4) Comparing Iranian, Chinese & North Korean Hacking Worlds

William Hagestad has served as a US Marine Officer for more than 20 years, and now is a qualified specialist in cyberwar technologies employed by different countries. He started his report speaking Chinese — as an example of a culture and information security issues in particular odd to people from the West. The rest of his speech is great to cite: "If you have a question, please stop me and ask me, coz I love the multi-task." It's hard to imagine a report delivered as showy by someone, say, from the Ministry of Defense of Russia.... But cannot they rise to the challenge and respond at the next conference PHDays?

5) Government and Information Security

The organizers invited people of different professions to this round table: a representative of the Ministry of Foreign Affairs, a member of the Federation Council, Head of the Coordination Center for TLD RU, a researcher from the Higher School of Economics, a director of an analytical company and two hackers. Alexey Andreev, the moderator of the discussion and a former chief editor of the Webplanet portal, suggested that they talk about new Internet laws in the language of security not in general words. Why does a blogger with a total audience over 3,000 readers suddenly become dangerous? Why will Russia never adhere to the Budapest Convention on Cybercrime? Where is ICANN's "golden egg" hiding? How much does it cost to hack Dmytro Yarosh' mailbox? It was discursive, but interesting.

6) Intercepter-NG: The New-Generation Sniffer

Alexander Dmitrenko, Head of Training Department at PentestIT, spoke about the development of "the most advanced tool to restore data from traffic". He covered the algorithms of a few little-known attacks. The author of the sniffer introduced as Ares used to correspond with Edward Snowden, who was interested in how the software processed huge data arrays. This how we found out that children from the West play Russian games!

7) My Journey Into 0-Day Binary Vulnerability Discovery in 2014

This year, PHDays met a lot of female hackers (or security specialists): a CTF girls-only team from the Republic of Korea, experts in cute SORM (System for Operative Investigative Activities), and Young School finalists. Alisa Shevchenko, Head of her own company Esage Lab, was twice ahead of the others at the conference. Beside the report on personal fuzzing techniques she delivered with examples of flaws in Microsoft Word and Microsoft XML, Alisa won the contest Critical Infrastructure Attack having found several severe vulnerabilities in the latest SCADA versions. Later she confessed that searching for binary vulnerabilities was just a hobby for a couple of hours at night.

8) Impressioning Attacks: Opening Locks with Blank Keys

The members of The Open Organization Of Lockpickers (this is what TOOOL stands for) visited PHDays for the second time already. During two days of the forum, their tables were surrounded by crowds of people. That, what the majority of us had just seen in movies, was free to try at the forum — to hack an ordinary door lock with a couple of simple metal hooks. This year, TOOOL demonstrated not just picklocks, but also the impressioning technique: to open a door, you need only a blank key, sharp eye and file.

9) SCADA Strangelove: Hacking in the Name

Sergey Gordeychik and six experts from Positive Technologies told several stories about vulnerabilities in industrial control systems employed in various facilities: energy meters, oil-production enterprises and even the Large Hadron Collider. Their vendors differ as well: ABB, Emerson, Honeywell, Siemens. For two years of work with SCADA, the company has detected 200 zero-day vulnerabilities, but the presentation included only those of them that could be disclosed, since vendors had already eliminated them. The reporters dropped a hint that they had a lot of similar stories to tell next year.

10) . . . . . . . . . . . . . . .

The emptiness here is not a mistake. We think it is up to you to choose which report must take the tenth position. What report did you like most of all? We might miss something, mightn't we? Join the conversation on our Facebook group.