Black Hat, founded by computer security expert Jeff Moss, held its 18th annual conference in Las Vegas this week. In the first four days, attendees receive training from experts in the infosec community. The fifth and sixth days were dedicated to briefings. Over a hundred experts presented 100 briefings during the conference with topics covering everything from IoT vulnerabilities in smart firearms to understanding entropy. For those who were not able to attend, we’ve summarized three of our favorite briefings below.
By: Markus Jakobsson and Ting-Fang Yen
According to Jakobsson and Yen, scamming continues to be a profitable strategy for online criminals. One of every 10 adults in the U.S. falls for a scam every year, a third of these via the Internet (from a FTC survey). Poor attempts at social engineering and seemingly legitimate scams snare the unwary as well as the most discerning users. Surprisingly, the Nigerian scam tactic still works, says Jakobsson and Yen because gullible users still exist.
The obviously scammed email weeds out the more discerning recipients but still hooks the more gullible ones. Jakobsson and Yen said although this type of scam remains profitable for scammers, they are becoming more sophisticated in their attacks. This sophistication blurs the lines between the typical Nigerian scam and more elusive phishing emails. Spam filters do help, but not as much as you might think. Thirty percent of Yahoo filters and 34% of Hotmail filters were unable to detect and block scam messages.
By: Colby Moore
Until now, most talk in the news about satellite hacking has been theoretical with very little real world attacks. Moore takes us past the theoretical. He goes into detail clearly showing vulnerabilities within spread spectrum communication, the basis for most of our modern communication technologies (cellular, Wi-Fi, Bluetooth, ZigBee, etc.) and then exploiting them. He also demonstrates how to collect intelligence using a compromised satellite and how to use a compromised satellite to spoof.
By: Kyle Wilhoit and Stephen Hilt
Wilhoit and Hilt state that attacking gas tank-monitoring systems is a real possibility. Their research shows that attackers are targeting gas tank-monitoring systems worldwide. Most of these attacks (44%) are occurring in the U.S. Wilhoit and Hilt say attackers may be motivated to attack gas tank-monitoring systems for several reasons. Attackers may be inexperienced and want to test their skills against a vulnerable system. The attackers may be doing industry-targeted reconnaissance or sabotage. Or they may doing it to extort money.
Wilhoit and Hilt conclude that connecting devices to the Internet should only be done only when it makes sense to do so. Not every device needs to be—or even should be—connected to the Internet. Also, gas station owners should consider all the implications of adopting a gas tank-monitoring system and take the appropriate precautions if they do so.