Monthly Archives: August 2016

Red team exercises are like vaccination against attacks?

Yesterday, I was asked what exactly RTEs are and why they are useful.

As I believe a good analogy is worth a thousand words, I tried to find one that can be understood by any layman. The vaccine principle struck me as the perfect one.

The principle of Red Team Exercises is to launch an attack against your organisation, as a vaccine does against your body. The mechanisms used by the vaccine are exactly the same as those of the real virus, except that it doesn’t destroy or weaken your body. Instead, it allows your body to learn how to fight it in order to be better prepared when it faces the real deal.

That’s exactly what RTEs are about: boosting your company’s immune system by allowing your white cells (your security personnel) to learn how to fight the intruder.

How often have we heard that a risk assessment was extravagant because the system administrators thought the system was not that sensitive for the company’s business? How many times have we been told that a kind of attack was difficult to carry out or that we had watched too many James Bond-like movies? That rarely happens after an RTE, as vague threats become concrete and evidenced. It allows your operational teams to better understand that the reality of this “war” against criminals is not about isolated risks but systemic risks. It is about preventing viruses from entering your body. Any breath, any wound, any contact with an external source can be the start of a chain of events that will lead to your infection. And sometimes, infection means death if you don’t treat it well and in time.

Just as there are as many vaccines as there are viruses, there are as many RTE scenarios as there are possible attacks and threats: cyber-attacks, credit-card fraud, identity fraud, espionage, theft, industrial espionage and so on.

So, what disease are you the most afraid of?

Victim of a ransomware? Call the Crypto Sheriff!

Ransomware is not new, but it is becoming more and more efficient and, consequently, claiming more victims.

RANSOMWARE: Malware that encrypts the files on your hard disk, making them inaccessible to you, so that its operators can demand a ransom to let you decrypt them.

Even large companies, despite their multiple layers of security and anti-malware protections, fall victim to it. The luckiest can rely on their backups to restore the lost data; the others pay cash, either to the criminals or in business losses, or sometimes both (as paying doesn’t always guarantee that you will get a cure).

Ransomware is a plague against which smaller companies and individuals are often defenceless. Not anymore, as Crypto Sheriff has arrived.

Crypto Sheriff is a free service brought to you by Europol, the Dutch police, Kaspersky Lab and Intel Security (ex-McAfee) through the website https://www.nomoreransom.org.

It allows you to submit samples of encrypted files and copies of the ransom note in order to analyse the malware used and possibly find a cure. It also provides decryption tools that work on some of the most common malware, like Chimera, TeslaCrypt or CoinVault.

Moreover, as prevention is always better than damage control, it also provides some basic tips to prevent such infections.

Let’s visit the Crypto Sheriff. Hihaaa!

To protect against quantum computers, will we have quantum teleportation?

It sounds a bit like a bad sci-fi movie, but it’s becoming reality. A few days ago, on August 16th 2016, China launched Micius, the world’s first quantum satellite (as reported by Quartz or BBC News).

Quantum satellite? I won’t try to explain quantum physics in a nutshell, I’m totally unqualified for that, but I would like to come back to one of my last posts of 2015 (in French) to make my point. At the end of 2015, Google and NASA announced that they had purchased a D-Wave X2 super quantum computer on which they succeeded in performing some quantum-specific computation 100 million times faster than on a current average computer. As such, it was a clear indicator that our predictions about the resistance of current cryptographic algorithms and keys will have to be reviewed soon. With an estimated cost of 15 million US dollars, the X2 is affordable for any country, large corporation or major criminal organization in the world. Scary, no?

You may imagine that we were not the first to know and that states like the US, Russia or China are actively looking for a solution to further secure their sensitive and secret communications in the (near) future. One of the well-known principles in cryptography, and you don’t need a degree in advanced mathematics to understand it, is that a message encrypted with a key as long as the message itself (and used only once) is virtually unbreakable. You don’t even need a complicated algorithm; a simple rotation will do. Of course, exchanging a new key for every message sent is a bit complicated, and the security of the key exchange will soon become the weakness of the system. Too bad! Except if we use quantum teleportation.
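The principle described above, as an added example that is not part of the original post: a byte-wise rotation with a key as long as the message, why the ciphertext alone fits any message of that length, and what leaks when the "used only once" rule is broken. The function names and sample messages are constructed for illustration.

```python
import secrets

def rotate(data: bytes, key: bytes, decrypt: bool = False) -> bytes:
    """Rotate each byte forward (or back) by the matching key byte, mod 256."""
    if len(key) != len(data):
        raise ValueError("the key must be exactly as long as the message")
    sign = -1 if decrypt else 1
    return bytes((d + sign * k) % 256 for d, k in zip(data, key))

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    One exists for every candidate of the same length, so the ciphertext
    alone cannot tell an eavesdropper which message was sent.
    """
    return bytes((c - p) % 256 for c, p in zip(ciphertext, candidate))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Difference of two ciphertexts made with the SAME key.

    The key cancels out, leaving the byte-wise difference of the plaintexts.
    """
    return bytes((a - b) % 256 for a, b in zip(c1, c2))

# Constructed sample messages of equal length (not from the original post).
MSG_A = b"WIRE 100 EUR TO BOB"
MSG_B = b"WIRE 900 EUR TO EVE"

if __name__ == "__main__":
    key = secrets.token_bytes(len(MSG_A))      # fresh random key, used once
    ct_a = rotate(MSG_A, key)
    print("round trip ok:", rotate(ct_a, key, decrypt=True) == MSG_A)

    # The same ciphertext is equally consistent with a different message.
    other_key = key_explaining(ct_a, MSG_B)
    print("also decrypts to:", rotate(ct_a, other_key, decrypt=True))

    # Reusing the key: a difference of 0 marks bytes that are identical.
    ct_b = rotate(MSG_B, key)
    leak = reuse_leak(ct_a, ct_b)
    print("differing positions:", [i for i, d in enumerate(leak) if d])
```
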

Here again, I won’t go deeper into the technicalities but, to keep it simple, imagine you can bind the state (ON or OFF, 0 or 1) of two objects together, whatever the distance between them. When you change the state of the first one, the second one changes accordingly and simultaneously. That’s exactly what happens with two atoms or two photons when they are entangled (another quantum physics phenomenon called quantum entanglement).

The nice feature of quantum entanglement is that it is totally simultaneous, whatever the distance (no communication delay), and that it is not possible (so far) to intercept or block the communication. As reading the state changes it, it is not (yet) possible to exchange binary information as we do with current digital communication means. However, the advantage of this “feature” is that if a third party tries to read the state of the atom, it will be noticed by the two other participants. So your communication, at least from atom to atom, is secure and has an intrusion detection mechanism embedded. Nice, isn’t it?

But what’s the point if we can’t send messages using this technique? We can’t send messages, but it seems that it can be used to securely exchange random keys (I have to admit that I don’t yet get how they do this, based on what I just wrote). If you use very long keys (as long as your message) generated by this quantum teleportation means, you can have, again, very secure communication using a classical encrypted communication channel.
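One way random keys and eavesdropper detection can both come out of entangled pairs, as an added sketch that is not part of the original post. The post names no protocol; this assumes the standard two-basis scheme (BBM92, the entanglement-based form of BB84) and is a classical simulation of its measurement statistics with an intercept-and-resend eavesdropper, not a physical model.

```python
import random

def measure(bit, state_basis, basis, rng):
    """Measuring in the state's own basis returns its bit; in the other
    basis the outcome is a fair coin flip (the measurement disturbs it)."""
    return bit if basis == state_basis else rng.randrange(2)

def exchange(n_pairs, eavesdropper, seed):
    """Return the sifted keys (alice, bob) after n_pairs entangled pairs."""
    rng = random.Random(seed)
    alice, bob = [], []
    for _ in range(n_pairs):
        # Alice measures her half: a random bit in a randomly chosen basis.
        # The twin particle then behaves as if prepared in that same state.
        a_basis, bit = rng.randrange(2), rng.randrange(2)
        s_bit, s_basis = bit, a_basis
        if eavesdropper:
            # Eve must guess a basis; her measurement re-prepares the state.
            e_basis = rng.randrange(2)
            s_bit, s_basis = measure(s_bit, s_basis, e_basis, rng), e_basis
        b_basis = rng.randrange(2)
        b_bit = measure(s_bit, s_basis, b_basis, rng)
        # Sifting: bases are compared publicly, bits are kept only on a match.
        if a_basis == b_basis:
            alice.append(bit)
            bob.append(b_bit)
    return alice, bob

def error_rate(alice, bob):
    """Fraction of sifted bits that differ. A real exchange discloses only a
    random sample for this check and discards it; here we compare all bits."""
    return sum(a != b for a, b in zip(alice, bob)) / len(alice)

if __name__ == "__main__":
    for eve in (False, True):
        a, b = exchange(4000, eavesdropper=eve, seed=2016)
        print(f"eavesdropper={eve}: {len(a)} key bits, "
              f"error rate {error_rate(a, b):.3f}")
```

No bit of the key is ever transmitted: it comes from the random measurement outcomes, and only the basis choices are announced. An eavesdropper guessing bases pushes the error rate on the sifted key towards 25%, which is the signal the two parties look for before using the key.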

In such a way, even with quantum computers, it wouldn’t be possible to “crack” your keys, and your messages’ confidentiality during transport would be completely guaranteed. Unless science allows us to predict the modification of the measured property of the entangled atom without modifying its state, as is suggested in this popular-science article on quantum cryptography.

This said, let’s come back to Micius. Micius has some quantum-entangled atoms inside it (their “twins” are still on Earth, of course), and China, with Austrian researchers, will try to validate the effectiveness of the communication between entangled atoms over large distances (above 1200 km). That’s a statement, no?

So, we are not there yet, but the future is tomorrow and we had better get ready for it, because it will really raise the bar of the complexity of our systems, reducing our understanding of them and, hence, our control over them.

Live long and prosper!