[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] What the UK government care about in a hacker
From: Ureleet <ureleet () gmail ! com>
Date: 2008-06-29 18:29:10
Message-ID: 6158bb410806291129g14dcfb47raec19904d06239fe () mail ! gmail ! com
[Download RAW message or body]
finally something sane. i agree.
On Fri, Jun 27, 2008 at 8:50 PM, n3td3v <xploitable@gmail.com> wrote:
> On Sat, Jun 28, 2008 at 1:38 AM, Ureleet <ureleet@gmail.com> wrote:
> >
> > u know how old this article is?
>
> A couple of months old and a prime example of that the intelligence services
> don't give a fuck about fire fox, internet explorer, opera and other gay
> applications people post application flaws about on Full-Disclosure.
>
> I want to see things post that actually affect national security and the
> government actually give a fuck about.
>
> Let's move away from stupid computer applications and start focusing on
> national security if you want to be an elite hacker, nobody cares about
> applications, buffer overflow and the like, its over and done with, its old
> skool, nobody gives a fuck anymore.
>
> If you want to impress the government then start on mobile, radio frequency,
> chip / hardware hacks.
>
> The security community has got to evolve, we can't be sitting here in 2020
> still getting wet and excited about an internet explorer or quick time
> flaws, its getting gay, its nearly 2009...
>
> All the best,
>
> n3td3v
>
> >
> >
> > On Thu, Jun 26, 2008 at 5:45 PM, n3td3v <xploitable@gmail.com> wrote:
> > > On Thu, Jun 26, 2008 at 2:08 AM, n3td3v <xploitable@gmail.com> wrote:
> > > > I think we've gone beyond the F-Secure has said stage, I think folks
> > > > are looking for something more. I think the security space has evolved
> > > > already in respect of home user hackers, the security professional
> > > > circuit and with the government.
> > > >
> > > > Infact the government are finding it hard to keep up with what's
> > > > possible by the government and what's technologically possible by joe
> > > > average in his bedroom.
> > > >
> > > > A few years ago it was impossible for joe average to shoot the live
> > > > scene of a national emergency via his cell phone, email that footage
> > > > to a national television station and that to be used as prime time
> > > > evidence of the incident, now it is.
> > > >
> > > > With this I look onto the media, its still using F-Secure press
> > > > releases for its news round.
> > > >
> > > > Your average joe is now able to creep behind the media wall and get
> > > > the news before the outlet gets time to read up.
> > > >
> > > > The fact, the media is becoming less important in the security arena
> > > > for bringing us news.
> > > >
> > > > Your average joe can configure google.com/ig to give them keyword news
> > > > thats coming onto the news wires and google.com/alerts can too.
> > > >
> > > > What used to be a government fundamental for the intelligence
> > > > services, is now becoming a challenge for them to know what user is
> > > > signed upto what and how much they know.
> > > >
> > > > Before it was more straight forward, they would know what news sites
> > > > were available as civilian intelligence sources but now its becoming
> > > > less obvious.
> > > >
> > > > The intelligence community are having to dig deep into online
> > > > community to see what is possibly being plotted and what sources of
> > > > information they have and the technique in which its gathered.
> > > >
> > > > Today the world is changing, what used to be charted water only
> > > > reserved for the intelligence services is now also being used by the
> > > > civilian population.
> > > >
> > > > It's scary times, hackers have the best ability to over come the
> > > > intelligence services, not the script kids, but the hackers!
> > > >
> > > > The main focus for the British intelligence service is mobile and
> > > > anything to do with radio frequency hacks, including RFID type stuff,
> > > > that's high on the British government look out.
> > > >
> > > > The media are hyping about mobile phone worm, while this hype *is*
> > > > unfounded right now, thats not to say its not top on the British
> > > > government's watch list of most desirable vulnerability threat vector
> > > > against national infrastructure of government and civilian population.
> > > >
> > > > The hax0r credibility score board from the government's point of view
> > > > isn't hacks in safari, fire fox or internet explorer, its
> > > > telecommunications and radio frequency hacks right now.
> > > >
> > > > So while you and your friends might think browser hacks, etc.. think
> > > > again, the real stuff that gets the UK government interested in you is
> > > > radio, mobile and chip hacks, anything to do with electronics and
> > > > communication, they don't actually give a fuck about applications, DNS
> > > > hacks, Cisco router hacks and the like.
> > > >
> > > > While those things like DNS hacks, Cisco router hacks and the like
> > > > are internet critical, they aren't national security critical...
> > > >
> > > > So hackers, if you want the most hax0r credibility points and
> > > > attention with the UK government, think national infrastructure, radio
> > > > frequency, chip hacks and mobile telecommunication interception.
> > > >
> > > > If you want head hunted into the UK government cyber defensive,
> > > > offensive and research departments go for those vectors... keep away
> > > > from silly stuff like web browser hacks, DNS poisoning, Cisco etc.
> > > >
> > > > How will the UK government contact you? Brute guys will jump out of a
> > > > range rover land rover which will have darkened windows and will give
> > > > you an offer you can't refuse after abducting you for five minutes
> > > > based on your research post on Full-Disclosure.
> > > >
> > > > All the best,
> > > >
> > > > n3td3v
> > > >
> > >
> > > ---------- Forwarded message ----------
> > > From: n3td3v <xploitable@gmail.com>
> > > Date: Sun, Apr 20, 2008 at 10:42 PM
> > > Subject: GSM Researcher stopped at Heathrow Airport by UK government
> > > officials
> > > To: n3td3v <n3td3v@googlegroups.com>
> > >
> > >
> > > I was leaving today from the United Kingdom/Heathrow airport. I am
> > > about to speak at the HITB IT security conference about GSM security
> > > and the USRP (gnu-radio project).
> > >
> > > I was searched by the UK government while waiting at the Gate and
> > > reading a newspaper. A UK Government employee flipped his badge and
> > > said "Let's talk. Come over here".
> > >
> > > They detained my USRP (Software Defined Radio), my mobile phone and my
> > > personal SIM card.
> > >
> > > They did their homework. They knew who I am, where i live, which day I
> > > speak at the conference and who I work for.
> > >
> > > I'm involved in the GSM software project where we also developed a new
> > > attack against the GSM encryption A51. We published our research in
> > > February at the Blackhat security conference in Washington DC.
> > >
> > > I understand that the government wanted to make sure that I'm not
> > > exporting any cryptanalytic device.
> > >
> > > I did not. I will not. The USRP is a radio. My mobile phone is a
> > > normal nokia 3310 phone and my SIM card is a sim card.
> > >
> > > They said they do not know what the USRP is and that I can not take it
> > > until they have checked it in the lab. This can take 14 days (1/2
> > > month).
> > >
> > > So be it. They have it for 14 days. Guys, enjoy the device! It's fun
> > > playing around with it!
> > >
> > > I'm uneasy that they took my mobile phone and my sim card. Having a
> > > pregnant wife at home and not being reachable complicates my
> > > situation.
> > >
> > > Is this common practice? Are they allowed to do this?
> > > Any tips how I can get my mobile phone and my sim card back quicker?
> > >
> > > Our project: http://wiki.thc.org/gsm
> > > The USRP is available from http://www.ettus.com
> > > The GNU RADIO project: http://www.gnu.org/software/gnuradio
> > >
> > >
> > > stunning,
> > >
> > > THC
> > > ---
> > > Appendix: Surprisingly they did not detain my laptop or my paperwork
> > > which would be the most likely place to store any information related
> > > to cracking A51. They were also not interested in my 160GB harddrive
> > > which would have been the obvious place for storing the rainbow
> > > tables. Neither were they interested in the high performance FPGA
> > > chip.
> > >
> > > Instead they took all equipment that could have been used for
> > > demonstrating that GSM signals can be received with publicly available
> > > hardware for 700 USD.
> > >
> > > It does not appear that they were after cryptanalytic information.
> > >
> > > I received a yellow paper about my detained goods. They left the field
> > > blank that reads
> > > "The goods specified below are detained for the following reason:". What
> > > reason?
> > >
> > > They also crossed out the field "Agent" of the officer who was in
> > > charge of the operation.
> > >
> > > ---
> > > UPDATE 2008-04-18
> > > Arrived back at Heathrow. Airplane crew announced "All passengers
> > > please have your passport ready. There is a passport check while
> > > leaving the airplane. Passenger Steve Mueller please make yourself
> > > noticeable to the crew. Steve Mueller please."
> > >
> > > They told me at the gate that I can get my equipment back. I had a
> > > chat with them and they answered many of my questions. They did not
> > > answer who requested that I should be searched when I left the
> > > country.
> > >
> > > I'm happy that I got my equipment back and I appreciate that they had
> > > it checked out quickly.
> > >
> > > I'm still not sure why they took exactly the radio receiver parts. I
> > > had to change my presentation for the conference and was not able to
> > > demonstrate the USRP/gnu-radio.
> > >
> > >
> > > http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow-Airport-by-UK-government-officials.html
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic