Francisco Nina Rente

Paper Title

Alphas, eggs and a big piece of internet for your community service

Abstract

Information is becoming the holy grail of our society. On business and personal lives, information or big data if you prefer, is and will even be more the resource for every relationship. Having information as the most valued resource, IT becomes the most important combustion engine that we need to control. To Security this means two things, information is the wise elder that gives you the best advices and the pretty princess that we want to protect. And as all the wise person, the elder will give you present and future advices based upon his (and others) past experiences and knowledge that will help you to protect the princess.

Believing in this, back in 2005, we start to create tools capable of helping us acting correctly in the present, as well as in future, by learning with the past. The first of all was Vigilis (former Nonius), a distributed system that created security and vulnerability indicators of a big piece of Internet, in our case the Portuguese Internet (at the time had ~5 million public IPs). Having into to account the current threats, we design a fast, non-intrusive and lawful (Portuguese/European Law) way to assess those systems and create security intelligence. This helped us to understand threats scope, technical details, efficiency of mitigation strategy and most important of all, what was the failure at the first place.

The same platform supported other studies, such as the one that help us understand how Portuguese address digital privacy, through a facebook case study. At the beginning, being a low budget project, it relied on a few hundred of python scripts running under OpenBSD on a bunch of old AlphaServers. Highly distributed system, supported by those tough marvelous machines, Vigilis scanned, in less then 4 days, 5 million IPv4 addresses, and 85 thousand .pt domains with a testing payload of 28 different types of vulnerabilities and 5 different malware specimen. The results from this tests were then submitted into a statistical engine designed to create internet security level indicators, the main goal of this system. Vigilis evolved and nowadays is an important piece of the intelligence management services that Dognaedis offers.

More recently we deployed a massive (fake) SPAM campaign, once again country wide, aiming to understand which are the SPAM techniques that the Portuguese were more prone to and how easy and cheap was to deploy such attack. Among the tested techniques, phishing schemes and malware deploy vectors were the most relevant. Each one of them was associated with different bait e-mails, representing different credibility levels in terms of how reliable looks to a non-security aware persons.

Both projects have, besides the scientific/technological value, a strong social responsibility side, since aimed the arise of security awareness.

This talk will present the major architecture details of both projects, the challenges that we had to deal with as well as the main results and outcomes.

Speaker Bio

Francisco joined the Portuguese hacker scene at age 14. Over the years he was a part of some hacker groups related with security and openbsd. Nowadays, he wears tie and suit to disguise among corporate and organization aiming that one day he will help them to realize that being a hacker is nothing but the having a passion for knowledge and freedom. On his professional live, he is a founder of CERT-IPN, the first private Portuguese CSIRT team here helped to create various security dissemination projects and started to do security services, being the first team in Portugal publicly announcing Penetration Testing as a viable security audit. Nowadays Francisco is CEO and Security Architect of Dogndis, a information security company.