As you can see, we were able to receive notification of web attacks in January 2002 at the rate of 1,600 attacks per month, why two months ago we received 25,273 attacks. And the trend is clear, you understand yourself that it's going to raise and raise and raise and raise and raise. And we will understand why to raise and raise and raise very soon. For those who are part of the job, this is in this graph, it is representing the attack method we were able to track. And if you see the first two voices are known vulnerability and patch system and configuration slash administration mistake. Together they are more than 55% of the time. It means that more than half of the time it is the administrator fault if the server gets attacked and compromised. Some other times, for example, what is happening during these days with the new MSRPC zero day, it's not your fault, you can do nothing, the patch has been just released, you didn't install it yet, maybe you're not very well informed or the patch has not been released yet because it's happening. So this graph represents the reasons of the web attacks.
And as you can see the purple line describes the for fun. So crackers are hacking websites more and more for fun. But I would like you to pay attention to the blue line. The blue line represents the political reason. And as you can see, we have two spikes in this graph. One spike at October 2002, which is the anniversary of the 11th of September. And a spike beginning of February 2003, which is the Iraq war, when we started to talk about the war in Iraq. So politically motivated web attacks are growing and growing and growing. And they will be more and more present in our life. This graph represents the defacement divided by operative system. An interesting fact, it is to notice that by January 2003, the Linux system started to be more attacked than the Windows system. The Linux system is the blue line, the Windows system is the red line. Usually it has been always the opposite. And this was by taking the number of attacks by host name. And taking the number of attacks by IP address, still we have, we can see that Linux system are again more attacked than Windows. And the question is Linux more attackable or attack than Windows. Does have sense only if you consider the raw numbers of the attacks. But actually you can't build any statistic. It doesn't have any sense to make any statistic about the vulnerable level of Windows and Linux. Because it depends very much by the moment, actually, new exploits are released by the personal taste of some hackers, I know some hackers which are just attacking Windows, some others are just attacking Linux by personal preferences. It doesn't have any sense to build up a real statistic on this. And cyberfights, we have seen a lot during the last year of cyberfights. When we are sleeping, actually a lot of things are going on on the net. And the five hot topics about cybercrimes, they were related to the war in Kashmir. So Pakistan and India, they were Pakistani crackers and Indian crackers fighting each other. 
And occasionally, or even more than occasionally, attacking American servers. Then we have something related with the war in Iraq. And as you can see, a lot, of course, of attacks were towards United States, especially Brazil. Brazil is specialized in attacking the United States. I don't know why, but we will see even later, for no reason. Code red, do you remember? It was not only the war causing damages, but also crackers that were attacking Chinese and American web servers just to fight because of this, the story of the spy plane. The Palestine-Israel related issue, and again Brazil is attacking the United States. And finally, no global, those who are protesting about globalization, and occasionally the country that is attacked is the country who is hosting the G8 meeting at that moment. But anyway, Brazil attacks the United States. So don't ask me why. So if we put everything together, we understand that there is a big mess. And doesn't matter where you are, doesn't matter where you live, your web server is still under threat because of any reason, actually. Now let's try to understand why cybercrimes they will increase. Why the graph we saw at the first slide will keep growing and growing and growing. The first reason that cybercrimes are convenient is that there is a lack of IT laws. OK, you are the country so far who has the best IT laws asset. My country doesn't have good IT law asset, though we have some laws. Brazil, they don't have any law. And probably this is the reason. Most of the times the laws are different. And then you have to tell me, maybe we have some lawyer here saying if I am an Italian hacker and I hack the White House, should I be prosecuted by Italian laws or by American laws? Am I committing a crime in Italy or am I committing a crime in the United States? That's an interesting question. The cybercrimes are convenient also because there is a lack of law enforcement international cooperation. The guys are not talking. 
The police forces are actually quite jealous and rather than cooperating they keep information by themselves. That is not yet full disclosure. And also the fact that ISPs are non-transparent try to go to my country and ask for logs if you receive any attack to the ISP. ISP will tell you, go to the hell. I'm not going to give you. Pay my bill and shut up. Even the European privacy law is forcing the ISP not to release the logs. So an order from the prosecutor or from the investigator has to be issued in order to have somebody at the ISP level giving you the logs. I think it is more or less the same here. Then cyber protests are very convenient because there is a general lack of security. This is nothing new. Internet is becoming more and more big and the adoption of UMTS telephones will make the internet much bigger. There is no need to protest on the street and this is a very good point actually. When people were fighting on the streets for civil rights they had to go to the streets. Sun, rain, fog, heat, cold, it doesn't matter. They were on the street and they had to fight with police. Cyber crimes are convenient because you can't protest being home and drinking your beer. And probably if I hack the White House website or Al Jazeera as it happened website my voice will be much heard than if I was on the street screaming against somebody. So it's more effective. There is no direct confrontation with law enforcement so I'm not going to be beaten by them staying home. And finally the cyber crimes will never stop because there is an inherent slowness of the institutions. Not because they are dumb. It's because there are so many cyber crimes and they really can't keep the pace. The internet is getting more complicated. More installations are coming. More appliances and more subscribers. 
And finally, and it's very important actually, the software producers are facing a market challenge, so the guys who are writing your Internet Explorer browser are pushed by the management to do it in a rush, in a hurry, because there is competition outside and then you have to release products at a competitive price at the right moment. You can't spend billions of dollars in developing a hyper secure web browser that must be sold then later on at $10,000 per copy and nobody would buy it. So the software producers are forced by the market to release things without having the time to proper check what actually the code. And this is actually the last graph I want to show you, and it is the replacement by OS, operative system, and it is interesting because it shows, I just want you to point out the attention to the red line, which is Windows 2000. From January 2002 Windows started to be safe because the Slammer worm, the Slammer worm was so much public, so many newspaper, they were talking about the Slammer worm, that the administrators were informed and therefore they were pushed by the media to patch. They patched, therefore the hackers, the crackers, they had less accessible system Windows based, and this sharp decrease means actually that a proper patching helps a lot. Patching itself, it's enough. You don't need to be a genius to secure your system. If you properly patch and you just follow the advisories, you do your job as you should do, then your system might be 95% safe.
Now let's get to the business: the UMTS telephone. UMTS means Universal Mobile Telecommunication System. It is the way the traditional hackers' limited world will be extended in our everyday life activity, and now we are going to understand why. First of all, I want to tell you that UMTS protocol will be struggling very hardly with WiFi for a very simple reason: $80 billion has been spent by the telephone companies and it requires UMTS licenses. What does it mean? It means that the telephone operators will force the producer to produce UMTS telephone and to stop to produce GSM telephones. Therefore, even if you don't want, you will buy a UMTS telephone and you will start to use the service. The internet service provider will want to sell to you like internet connection, or, in Italy for example, we already did this, video conference: we can talk by phone seeing each other. And for example, we are all soccer fans, and on the weekends there are people who subscribed the UMTS service just to get the video of the goal as soon as it's scored, and it's a pretty good business. On the UMTS platform you can develop a lot of services. Now here is a UMTS telephone, this one. OK, it's an iPAQ. It's an iPAQ, but with a special thing on the back. Now it's a telephone, exactly like the telephones you see there. The only difference is that this one doesn't have the webcam, but those, they have the webcam. The telephone on the left is the telephone supplied by default by the Italian telephone operator, and on the top of it you can see the webcam for the video conference. The one on the right, it is a little bit more complicated telephone, and actually the UMTS telephone that will be like the one on the right, and you can do basically whatever you do today with your laptop. You can have video conference, it is a full multimedia platform, it's a data bank, you can run your Office files, it's a good mobile computing platform, because today they have 400 megahertz processor, which is powerful enough to do your stuff, and web
browsing. Basically, using a UMTS telephone you will have no limits, because you can do whatever you do today from your PC just from your pocket. Now, I bought one. This is an extremely cool stuff and I want to play a little bit with. Can you please tell me who wants to have it? Raise your hands. Who wants to have it? Now please do me a favor: keep your hands up, watch around you the faces of the one who has, who have the hand horizon, and remember it, because now we are going to play a little game. I need a victim. You, come, come. You didn't raise your hand. The guy behind. What's your name? Big applause. Can you explain why you told me that you want to have this thing? Because one of the things I saw there could be powerful Linux and it's on the west and it's free and, no, no, no, the question wasn't who want to have this one for free. The question was who want to have the UMTS telephone. Now I want to play a game with you and we will play a game with them. First question. What happened? First question: try to imagine that we have a digital signal card, unbreakable, absolutely secure, unbreakable, if such thing exist. Would you have any problem to use it? What happens if you lost it? The question is, would you use it? I would use it. Raise your hands. OK. Would you have any problem into using your digital signal card, inserting it into a computer, authenticate a transaction? My answer is, if it is an unbreakable digital signal card, I don't have any problem, if such thing exist. You? No. Raise your hand who would use it. OK, let's go ahead. OK, it's just a case that it's Windows, I swear I didn't do it on purpose. Now, would you like to use your digital signal card to authenticate a transaction through a computer on which is running a weak operative system? My hands start to, I need some weightlifting activity. Now who would like to do it?
OK, you take notes of this, you will be punished later. You are a deathplone guys. OK, the next question: would you like to use your digital signal card to authenticate a transaction done using a computer on which is running a weak operative system, permanently attached to the internet, leaving your digital signal card? One guy there. They are already on the safe side. Next question: would you like to use your digital signal card into a computer on which is running a weak operative system, permanently attached to the internet, wirelessly? The guy there is tough. You took it personally. Well, given the fact that all this stuff put together, plus a dumb telephone, are exactly this thing, can you please explain me why do you want to have it? You guys, listen, listen, listen, I explain to you. I was playing with your mind. I was playing with your left part of the brain and with the right one, because when you were telling to me yes, I wanted this, was the emotional part of the brain that was working. Now the other part of the brain is working and saying no, I'm rational, I don't want this. But still, if I now, nobody wants to have this, but still, if I would ask who wants to have it, you have to stop your hand. OK, now please pay attention. You are security guys. Can you imagine the billions of people out there which they don't know shit about security? What will happen to them? What they will install on these systems? And a lot of damage can be created on such system. Thank you very much, I appreciate. Now let's talk about the danger. On this handheld it's mounted Windows 2002 PC. It works in a very strange way. There are two level of memory. The first level, in the first layer, all the programs are loaded and they are stored in the memory permanent, because this doesn't have any hard disk, and the second level of memory is used as the dynamic storage, so when you run a program, that part, the second part, gets dimension proportionally to the need of the software in memory. I don't know if you have a handheld, but if you close,
if you run a software and then you close it pressing on the X, like in Windows, the software closes, but actually it closes only graphically. The software keeps loaded in the memory, and the data which were processed by the software are still present in the memory. So you were running Excel file, so your Excel file stores the data on the second layer, and then when you run a different software, the processor stops to pay attention to Excel, starts to run another software, dimension the second version of the memory, but Excel is still there, so when you come back to Excel you still find your data there. So the question is, what stupid operative system is this? Actually it's not stupid, because, pay attention for what I'm doing, I'm taking away the telephone. Now it's a PDA, and being a PDA, actually it's an excellent system, because when I meet this guy and I want to establish a meeting or to exchange information, I want to pick up the thing out of my pocket, switch it on, and everything should be already up and running. You don't have the time to boot. That's why the system is built in this way. But the problem is that when this thing becomes a UMTS telephone, then your data were present on the second layer of the memory are probably, if the system is not secure, accessible from the internet. OK, this is one of the most secure, actually before the DEFCON was one of the most secure PDA, because yesterday a guy showed how to break the digital fingerprint recognition which is present. So every time I switch on the thing, he asked me to put my fingerprint, and actually on the manual it is explained to you that you have to enroll two different fingers on two different hands, because you never know, you might lose your hand, so you cannot switch on your thing. It is written in this way. Anyway, it is a fucking secure thing for them. Please pay attention to the right part of this slide. This is the regional settings of Windows 2002 PC. Do you see anything wrong there? What?
Currency is backwards. OK, so the minus is instead of the plus. A little mistake, known already by Microsoft since months. Still, I bought this thing a month ago and it is still present and not patched, and I took it as an example of the level of attention Microsoft paid when developing this operative system. So if there are such errors, and such errors are not fixed even if the issue is known, you can understand how can it be the rest of the operative system. Now, how UMTS works. Very simply, like this is a typical one of the architecture of UMTS telephone platform, and basically we have the UMTS telephone who transmits the data encrypted to the first two nodes, and then, because UMTS platform to run on already existing platforms, it is hooked on the old GSM structure, therefore the data are running non-encrypted. And this is the first concept of weakness: what is the reason to encrypt the signal for half of the length, then the second half of the length the signal will not be encrypted? And that is why actually crackers will attack, rather than attacking the encryption level, they will exploit either the appliance itself or the old weak vulnerable points of the GSM structure. And what it is possible to do today on this thing? A cracker could use operative system security flaws, assuming that Windows 2002 has someone, through open ports. It is connected to a fixed IP address, so there is no difference between this one and Microsoft server, where they are sending me a virus through a mail, a trojan. Using component flaws: this is a Java platform enabled handheld, so using Java application I can load whatever I want. Using web server flaws, web servers, and we will see a very nice example. Or exploiting application level. One thing I didn't tell you before, when we were talking about cyber attacks, we didn't say that doesn't matter really if the attack system was Linux or Windows, because most of the time web server gets attacked, it is because the attack was conducted on application level or on database
level, regardless the operative system. The same thing will be here. And I just, if a cracker gets the control of my PC, I am in deep shit, because I will lose all my information, all my secrets will be open. I can receive denial service, because I have a fixed IP, so my telephone will be not operative because somebody is flooding my IP address, or I can be used to send some denial of service to somebody else, and because the UMTS bill in the beginning will be based on traffic, believe me, you are gonna cry at the end of the month. OK, espionage or eavesdropping. Please pay attention: this is a multimedia platform. If I have control of this, I can use the Windows embedded part of the operative system who controls the speakers and the microphone. I can switch on the microphone from remote and listen to everything what you are saying, even if the screen is not showing you anything, and this is extremely dangerous. Somebody could use my thing to do unauthorized banking, shopping, using my digital card and my IP address. It will be a problem later to explain to the bank: no, I didn't do it, I didn't buy a yacht or Ferrari. Anyway, no, you are all security guys. Now a nice example. I mounted on this thing, because it's a full PC, SQL, and I mounted the SQL Server Digital Dashboard 3.0 provided by Microsoft up to one week ago on the website, and together with the SQL Server it gets mounted a web server, OK, Microsoft web server, and this is the welcome page of the web server once it is mounted on this telephone, and it is telling to you that allows you to have full authentication, basic authentication. Actually it is a full featured web server. So I installed it, and the first thing came in my mind, because I am a good guy: how can I exploit it? And believe me, it took long time and it was terrible, but finally we understood how to exploit Microsoft portable web server from remote. It is enough to connect to the slash admin and the default installation lets you in. Do you understand what this mean? But lets you in, in it
means that all, everything which is here, you can see it, because then the remote administrator, it is enough for me to make a configuration to create a new virtual path which is leading me to the root of the system, to the main directory, and then from there I can start to browse. And this is an example: calllist.dat, this is the list of the calls. So anybody could spy me if I was using my telephone as a web server, anybody could spy me knowing what kind of telephone calls I am doing, just simply using the browser basically. Or there is a very interesting directory, which is the slash windows, and this is the welcome page you get. But if you know a little bit of Windows architecture, you know also that the file bioswap.dat, it is actually the file with my digital fingerprint image, so an attacker could recover. It is encrypted, but anyway, why the hell somebody should be allowed to take the image of my fingerprint? This is extremely dangerous. Or this is the mail I received from the DEFCON organizers reminding me about the final details of before beginning the conference. So knowing that it is stored in slash messaging slash whatever, somebody could read the email from a web browser. So I am ashamed and embarrassed to announce you this highly technical advisory. I know I would be rewarded for that. Anyway, I warned Microsoft 2 weeks ago, and actually, to be honest, they reacted very professionally. They took offline immediately the web server, so it is not anymore downloadable from Microsoft website, and they told me: yes, you are right, we have such vulnerability and we are now fixing it. And all the process was by personal mails, it wasn't any mail robot like in the past answering me: yes, I got your advisory. So we can say now that it's safe, because Microsoft was warned, they took it off from the internet, so we can release this advisory saying that the Windows beta web server is allowing full remote access, because the default installation of Windows allows an attacker to gain full remote access without
authentication, simply logging it to attack host slash admin. Now, privacy threat. What can happen to me besides losing my files? Well, many of these things, I was in Japan a year ago and they are already selling very much advanced UMTS-like, they have GPS incorporate, and it's very neat feature, because for example right after here I will go to Los Angeles city, which I never visited, and having a GPS into system, into this one, would allow me to get the map of where I am, find directions, and Japanese people are really much using this. But the GPS coordinates, to be shown to you after having been received, they have to be stored somewhere in the memory, and if the attacker knows where those coordinates are, then you are going to get in deep shit, because everybody can track you down. And even without GPS, actually, when I'm connected to the GSM network I receive the cell phone ID, and the cell phone ID, it's a unique ID, and the cell is there, maybe 500 meters away from here, and it's serving this area, so if an attacker can retrieve the ID of the cell, can know more or less where we are. And finally, the timing of the wavelength used by UMTS is allowing direct tracing. In this case you must be a very professional one with a lot of equipment, but if you have such equipment you can track a person within 20 meters of approximation. So here we have some links, you will find it in the presentation. If you are interested to study this topic, you can, you can go ahead. Now let's conclude. Home automation. I was selling myself home automation systems and it was a bloodbath, at least in Europe. I lost a lot of money and I couldn't understand why. So cool thing, but the people, they are not buying it. Beside the fact that they are expensive, the best reason it is that they weren't actually very much interactive. But if you have a telephone which allows you to operate your house, you can even see the stream, the video stream of what's going on in your children room, if they are studying or playing, then probably you are going
to buy UMTS, because you can fully control your house. You have the emotional reason to do it, and this will be again an extension of the hacker playground. Here is the internet refrigerator. It's not a dream, it's not a concept, it's something you can buy today. Actually it's something you could buy a year ago. It is produced by LG Electronic and it is a wonderful thing. It has a touch screen, a webcam, a full internet access, email, video email, voice only, blah blah blah blah. So it's a full computer, and it is even stated, this is a copy of LG webpage: the fridge built in PC is a low spec a fair based on 300MN semiconductor geodic processor PC. Now the question is, if this is a PC and it is connected to the internet, it has an IP address. If it has an IP address, people here at DEFCON might be very much interested to discover it when it is attached to the internet. Now the question is, what kind of wonderful operative system on this beautiful machine? I didn't understand. Yes, yes, of course, of course, it's cybers talking actually, and commercial company will be very much interested in that. Anyway, always on the producer website we can see that it runs a modified version of Windows 98, and by modified version of Windows 98 I bet my ass that they mean that they loaded the touchscreen drivers and that's it, because nobody can modify Windows 98, not even LG. Now, you hackers, how would you kill instantly such refrigerator? Can you tell me?
OK, ping of death, and the cracker could melt your ice creams in a matter of seconds. A bit of time and last seven minutes. If you do have an internet refrigerator, then you must have, because you spent 13,500 dollars to buy it, then you certainly are rich, therefore you have a naked wife that in the morning is cooking you the breakfast, that's for sure, and I would be very much pleased to get access to the multimedia or to the webcam of such refrigeration to stream it to the DEFCON. Actually, the next DEFCON we can do something like that: we can identify a refrigerator like that on the internet and stream the video coming out. But if you were such tycoon to buy a refrigerator like that, then you can't miss the internet oven. And you guys are laughing. It's going to happen. It was meant to be extreme, but you tell me, why shouldn't, why shouldn't an American citizen receive an attack from Pakistan on the Thanksgiving day? We are already getting those attacks, so why not in my refrigerator or in my oven? So to finish, we can say: are we scared? I can't continue. Are we scared? So what system will be invented to keep us safe and to secure our privacy? And is there anyone who can help me to get rid of this techno nightmare? The answer is yes, there is somebody who can help you to get rid of this techno nightmare. OK, when I was showing this last thing to my Italian friends, they were telling me what the fuck is that, because they cannot pick it up. Fortunately you did. OK, now I have a compact speed pack cellular PC card that that phone will give to somebody who would like to ask questions. I hope you are not going to ask questions, because then I am keeping by myself. It's a global positioning system, the normal system that you have on your car. OK, it was easy to gain it. Come here, come over. Excuse me, I didn't understand. Excuse me, it's the gin tonics and your accent. Can somebody translate me in Russian or Italian? Say yes, it can be used. By the way, I didn't say it: it is Bluetooth enabled, it has WiFi plus full
fixed internet connection, so you understand the owner of this will be in deep shit. Thank you very much for your attention. I will list the name card here if you are interested to pick it up, and you can find myself around. If you want to stop me and punch me, I will be there.