Shakacon 2018 Highlights

By MDL on July 13, 2018

The Shakacon X IT Security Conference was held at the Prince Waikiki on July 11-12, 2018.

Stealth Mango & Tangelo: Selling your fruits to state actors

Andrew Blaich and Michael Flossman, Lookout

Blaich and Flossman trace the path of spouseware that is being adapted, sold, and used by nation state actors. Spouseware is surveillance software generally used to spy on a spouse or partner. Commercial spouseware apps available in the Google Play store share code and C2 infrastructure with the surveillanceware used by nation state actors because the same developers work on both. Adapting spouseware for nation state surveillance is easy because both have the same goals and need the same capabilities: device info and location tracking, call logs, screen capture, audio recording, and photo and file theft.

Lookout, Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials


The Rise of the Middle East- Blue vs Red

Mukund Hirani and Dan Caban, Mandiant

Hirani and Caban provide an overview of Iranian threat actors APT33, APT34, APT35 and others. They explored the targets and TTPs of each group, described similarities and differences between them, and discussed the process they used as researchers to gather information and study the groups.

FireEye, Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign

FireEye, Advanced Persistent Threat Groups

How to Rob a Bank Over the Phone

Joshua Crumbaugh, Naga Security

Crumbaugh talks the audience through one social engineering operation that occurred while performing a pen test on a bank. Into his story of how a phone conversation led to physical access to a bank vault full of money, he weaves in tips for social engineering success.


Hell of Attribution: Olympic Destroyer is here to Trick the Industry

Seongsu Park, Kaspersky Lab GReAT

Park describes his team's experiences tracking Olympic Destroyer and the cyberattack on the Pyeongchang 2018 Winter Olympics. He discusses malware characteristics, including the false flag tactics used to make Olympic Destroyer appear to be the work of Bluenoroff, a subgroup of the North Korea affiliated group Lazarus, which was initially suspected as the culprit. The threat group Kaspersky calls Hades is thought to be responsible. Olympic Destroyer infections did not cease after the 2018 Winter Olympics; they have continued with new targets, including financial institutions in Russia and biological and chemical threat prevention laboratories in Europe. Although Park did not discuss a location or country affiliation for the Hades threat group, Kaspersky Lab's Securelist APT Trends Report for Q2 2018 notes similarities between Olympic Destroyer activity and the Sofacy group associated with the Russian military intelligence agency GRU.

Kaspersky, SecureList, OlympicDestroyer is here to trick the industry

Kaspersky, SecureList, Olympic Destroyer is still alive


Keynote: What is the hacker community?

Johnny Long, Hackers for Charity

Johnny Long, author of Google Hacking for Penetration Testers and twelve other infosec books, talked about how the hacker community came together to support the work he has done to further technology education around the world, including: setting up computer learning centers, vocational training, and hackerspaces in Uganda; offline education stations and robotics programs in Kenya; disaster response technology support in Puerto Rico after Hurricane Maria; and creating community security awareness training classes and makerspaces in Louisville and other cities in the US.

Hackers for Charity


Honorable Mentions:

Lockpicking Village run by Lady Merlin and TOOOL

IoT Village and CTF run by Independent Security Evaluators

Shakacon Drive-by Conference Check-in