USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers

Рет қаралды 176,733

Күн бұрын

Пікірлер: 70

@uniquelycommon2244 9 жыл бұрын

Whoever convinced the head of TAO at Ft. Meade to give a conference presentation on thwarting nation-state attacks is the person I want handling booking if I ever hold a conference on anything. Damn. One very slight ding: from a news report re. this talk (that actually led me to look for this clip in the first place) it appears that there was a bit of Q & A after the end of the presentation that isn't shown here. Still, thanks very much for uploading this, as well as other presentations from the conference.

@DavidBrumley 9 жыл бұрын

+Stephen Allen USENIX does a great job of getting awesome speakers. The slides and talk are available open access, but you have to go to the conference to hear Q&A.

@OhDearBabajan 5 жыл бұрын

maybe he convinced himself.

@buddydaturtle1726 5 жыл бұрын

Having been to a couple of security conferences the best talks/aftertalks are the one's that they don't record, for obvious purposes.

@Arctific 7 жыл бұрын

Know Thyself: it is an olympic ideal to either become or sustain competitive greatness. This use of Know Thyself for InfoSec Defense is spot on. The model of three attackers: opportunist, advanced persistent and destructive is excellent also. From this talk alone, a world class InfoSec program could be built.

@joeskinny3480 9 жыл бұрын

Just finished watching. A great presentation covering a host of topics everyone responsible for IT security should consider.If you want a technical "how to" manual this is not the presentation for you. If you're not a techie and especially if you are actually vested with security responsibility and authority beyond clacking on a keyboard, this is a must see for you.

@TomBrennan973 9 жыл бұрын

Thanks for posting this talk and content from the conference.

@callmebigpapa 2 жыл бұрын

Am I the only one @11:38 who immediately thought "Reddit?"

@SKDYCAT 9 жыл бұрын

Difficult != Impossible

@thorodinsun7140 6 жыл бұрын

HAHA at 30:40 he mentions Steam games and this was 2 years before the Steam RCE was found ! Don't give away our secrets accidentally Rob :)

@waverley41 5 жыл бұрын

wow good catch

@shinkurt 2 жыл бұрын

NSA TAO seems pretty fun and interesting place to work. Their expensive tools probably make it a joke to break into anything. He only talked about how to defend against common attacks though - not zero-days ;P - he said they aren't important.

@detective5253 2 жыл бұрын

of course he didn't and he technically will not, look at Stuxnet malware and their recent incident of hacking the chinese university this year, some chinese IT guys who've been working on analysing their trojan that pulled off about 140GB successfully of stolen data confirmed the TAO team has had used more than 40 of cyber weapons! can you imagine? now you're saying he didn't talked about 0-day vulns..

@cristianv7441 7 ай бұрын

@@detective525340 it's not that much for the amount of operations they are doing plus we don't know how large of a team they are, you need to put in perspective, the response is not always a zero day, but sometimes can be a lot easier than that

@salvadorvargas4716 8 жыл бұрын

Great presentation...very good

@SpeakerCraft-q9m 11 ай бұрын

Old but still fundamental.

@xCheddarB0b42x Ай бұрын

many best practices mentioned here, 8 years ago, are still being violated

@callmebigpapa Ай бұрын

@@xCheddarB0b42x All day every day. Recently encountered a company that hadn't changed their passwords, some 6+ years and low complexity. And they wonder "how? "

@jewelbennett7325 3 жыл бұрын

www is the life line of the social engineering experiment going on currently. All of it is very hard for some to take day after day

@patrickjsteed 9 жыл бұрын

Great talk and information!

@billunmuth3396 3 жыл бұрын

until they go after you.

@michaelmulligan0 3 жыл бұрын

I understand very little of this but interesting! Would a good use of AI be in cyber & IT security ?

@birdman1393 3 жыл бұрын

It's in use. He brought it up a little bit, basically software that watches for irregular activity on networks

@tanyaka 9 жыл бұрын

The process and remediations the guy presents are nothing new, any good pen testing outfit will be doing the same, difference is the NSA have virtually unbounded resources to do it. That said, still an interesting talk, shame about the q & a

@zohirchowdhury 8 жыл бұрын

Great presentation

@harrjd514 8 жыл бұрын

wondering if anyone is rethinking this presentation?

@unholykill333u9 2 жыл бұрын

Try hacking a Brick House and an Iron Stove when/If my computer gets hacked throwing it in the fire, because I'm not sure why my cousins wanna Fuck with me, but I'm not playing and extremely on Edge with just about everything in modern Society.

@larry_ellison 6 жыл бұрын

I swear we don't use zero days they're not efficient enough... Um bruh.

@icarustheother8591 2 жыл бұрын

Sounds like a pretty decent program I like to be a part of that unfortunately I'm just puke civilian duct tape and bailing wire don't know much more Love gas and gas ladies and gentlemen thank you so much for the advice exponentiate that to fight the f****** bottom line starting so willingly about my language and my nomenclature however this is the way I feel this is the way it goes in gold

@lower_level_gee-mah-tree-ah_TV Жыл бұрын

In my small nobody opinion, at this point, anybody that is actually capable of the variety of all this shit, already has immunity committing cyber crimes right under their nose or with this blessings , and if that is completely off, it won't be long before these guys get em on their team with immunity from prosecution, for the simple fact, they just are not cut like that, never been thru anything more than likely, and know very lil about anything outside of a keyboard and screen. If anyone cares to add or subtract to this, I'm all ears, I'm willing to absolutely accept that I'm not entirely correct, respectfully 👈

@lower_level_gee-mah-tree-ah_TV Жыл бұрын

Safe to say , if these are the "guardians of the internet" or "protectors against cyber criminals" then how fun must it be to send all other departments, people, and nobody apart of their group/gang on wild goose chases 😭 👋 👏 I'll rate the scareware around 4 outta 10, come on guys y'all gotta get this scareware score up "god damit"

@youlikeicecream 8 жыл бұрын

That screen in the background; fuck epileptics right?

@xG33Kx 7 жыл бұрын

youlikeicecream it's a full sized LED array, much cheaper to make very big

@rahulramteke3338 Жыл бұрын

Imagine if 'PLA Unit 61398' members gave exact talks exactly like this (no diff), ameriKKKans would loose their marbles

@RR123 9 жыл бұрын

So... how and why should we believe this is not a psyop?

@NistenTahiraj 9 жыл бұрын

+RR123RR How? By laying off whatever is tripping you out and applying some clear logic. Why? He says it. Most often they don't even need to use 0-days because security in most corporations and government is so relaxed that anyone can hack in. And he is giving this talk because government/banks/corps today keep loosing money for example to bitcoin ransom-ware that some kid wrote. It's happened to the FBI, it's happening right now to banks in India, it's happened to regular people in Australia... the cyber-criminals keep getting paid-off because companies don't update their software/protocols. At the end of the day, even if you fix everything, the NSA will still be able to hire the best people to reverse engineer security , find 0days, or even just buy off every zero day on the darknet. So you're still screwed lol, but that method of operation is expensive and not used at scale. It requires time, good engineers are rare and not cheap, many new exploits become useless atfer being detected once, so they're best used in special cases (i.e. Iranian nuclear plant). Most of the time (as he said), they don't even need to do that, they can easily break in through publicly known methods.

@sergec3539 9 жыл бұрын

@newsletter4826 8 жыл бұрын

+RR123RR It effectively conditions people to think that the NSA's crimes are all shits and giggles, and to be expected.

@rodeocyclone 8 жыл бұрын

You're wasting your time. Their tinfoil hats will block out your false flag, or something like that.

@lower_level_gee-mah-tree-ah_TV Жыл бұрын

We are computers and computers are us, bios, wake up boot up start scans viruses malware storage motherboards mother earth, etc etc, computer motherboards pretty much Mirror how ancient civilizations are laid out, although it's much deeper than a bunny's dooty shoot in it's entirety, that is what seems to be the jist of the jiggy , in my opinion, but I know absolutely nothing so I'll leave grains of salts and 2 cents just to be on the safe side in the event of disagreement or conflict 😂 so take what I say with a grain of salt and there's my 2 cents Gracias compa mai frenn

@WorldRecordRapper 3 жыл бұрын

haha hey Rob nice to see ya

@doktormcnasty 9 жыл бұрын

'King Guy!

@amandamate9117 5 жыл бұрын

incident response my ass bois

@mohamedfouad2304 6 жыл бұрын

Donald??

@jagadeeshakanihal 7 жыл бұрын

Nothing concrete, just generic hmm I mean bullshit.

@PosiP 7 жыл бұрын

this dude is a manager, not a hacker. Snubs, you let me down.

@Baigle1 7 жыл бұрын

It wouldn't get as many clicks if it were worded manager does it really matter? good talk anyway. we know its different to look thru code to find out of date stuff to break... the developers of many programs don't see half the problems in their software as its a feature not a bug after so many false bug reports what matters is actually taking the time to dig in and be meticulous, it takes good teams to do blue and red

@Wolf-sd8fr 6 жыл бұрын

Posi P He has to understand hacking to be a manager of TAO hackers

@DirkKuepper 9 жыл бұрын

I never trust about what he is talking about. NEVER! If security is your business, you don´t talk about how you do it! NEVER!

@FrozenSkiller 9 жыл бұрын

+Dirk Kuepper Wrong secure encryption is only secure if everyone knows how it is implemented and still cant find a way to crack it.

@theyruinedyoutubeagain 6 жыл бұрын

Yo Dirk. Sit down

@h0ney_r0ze 7 жыл бұрын

🤦🏻‍♀️

@PosiP 7 жыл бұрын

this is a load of crap. No government man knows more than the developers. Code writers are not developers. All I can say is honey pot

@SpeakerCraft-q9m 11 ай бұрын

My experience is there is turnover in companies so who built the app is now gone and in his place is someone who is seeing a black box. Good luck getting support. I suspect the NSA has a team who know the code line by line and advanced tools to examine it for every Firewall, IPS, VPN and the underlying tech.