Things I learned at RootCon 2016 | mb.com.ph | Philippine News
Home  » Business » Business Tech » Things I learned at RootCon 2016

Things I learned at RootCon 2016

Things I learned at RootCon 2016 | 2016.mb.com.ph

Things I learned at RootCon 2016 | 2016.mb.com.ph

1. Persistence Pays off
How did the Duter Team (representing the Philippines) win the “Capture the Packet” at the US DEFCON24 competition against teams like Squirttle Squad, Friday Bird, SEC DSM, RFC 3514, Laser Unicorn, Slipnyx77, Digrev, ATL, AOL Junkies and IP Often? Given that the other teams were far better equipped/financed while Duter Team’s resources were much meager? Visualize David versus Goliath and you get the idea.

The win was the culmination of a five year effort where the first four years built up enough experience for the major win on the fifth year. While they lost in each of the past four years, their participation gave them valuable insights which included:
• Using higher powered notebooks in the competition with SSDs as well.
• Optimization matters – Wireshark processing was too slow otherwise.
• Split up the capture from the analysis part.
• Pre-filter the captured packets into separate streams (by ftp, by voip, by http etc)
• Study esoteric protocols like SCADA, OSPF, VPN, Applettalk, IPX/SPX and Multipath TCP
• Practical stuff like having pen and paper to make quick notes, a timer to monitor the time remaining.

Overall lesson? Think long term and be not afraid to fail forward.

Capture the Flag competition is where teams make use of their forensic skills to solve puzzles given only a live stream of 1gbps captured network traffic. Each round last around 2 hours with increasing difficulties and points.

True to their nature, the Duter Team asked to have their identities kept secret. We will only say that the duo (Mon and Siege) is made up of IT pros with roots from University of the Philippines system. They brought honor and prestige to the Philippine IT community.

2. Faraday Cages to the Rescue
Air Gapped PCs could still be compromised by Funtenna a software exploit that can turn a device with embedded computing power into a radio-based backchannel to broadcast data to an attacker without using Wi-Fi, Bluetooth, or other known wireless communications channel. So your secure room needs a Faraday cage to block radio emissions coming out of your devices.
Apparently this was common knowledge and I was the only one in the event that did not know this 

3. PKI and Authentication Systems
Access to computer systems might be better served by PKI (Public Key Infrastructure) basically client and server certificates instead of the usual username password authentication. Lawrence Hughes is a crypto-genius.
4. Hacking your Neighbor’s Internet
DSL modems like those used by the Philippines’ “most loved telco” could easily be compromised through CSRF (Cross-Site Request Forgery), XSS (Cross-Site Scripting) and “pwned”. Vulnerable routers models “SpeedSurf 504AN” and “Kasda KW58293”. Check your DSL modem and see if your modem has those. Contact Eski about this for more details 

5. Rise of Ransomware
Backup your important data and do it with 3 sets. According to Jaaziel Sam Carlos, this is the only way you can avoid having to pay criminal hackers when their malware locks up your data with encryption. It would be near impossible to de-crypt it without the private key. You get the key only when you pay the ‘ransom’ via a bitcoin link. Average ransom paid out was USD 300. A US Hospital paid USD 17,000 to get their data back. Top ransomwares include Locky, CryptProjectXX, Cerber, Petya.

6. “Comeleak” was a Dud
Owing to legal concept called subjudice, the organizers were stopped from presenting the juicy inside info on how the “Comeleak” was executed. I did hear “murmurs” that it took the hacker/s only about 10 hours to download the entire data set (probably over 300 gb file size) using a fast pipe. I suppose the file was either compressed from the start, or the hackers compressed it before downloading it.

The key question asked was why the Comelec missed such a large outbound traffic going out of their servers? One of the guys that was arrested for the comeleak was supposedly in the crowd at RootCon. How was he caught? Reports say that he uploaded a how-to video on YouTube where his full name was exposed when he clicked on his computer’s “start” button- or was that intentional? 

7. Attacks on Telnet and the rise of IoT
Antawn Orpilla’s talk about ThingBots (Bot army made up of IoT) and their malware (Lizzard Stresser, TheMoon, Wifatch, Carna, Darloz, Aidra) finally answered a puzzle of why our networks were seeing a rising level of attacks on port 23 (Telnet). Apparently these are ThingBots trying to infect IoT devices behind our firewall. Note to Admins: Have you blocked port 23 yet?
Note to Pandora Labs. We could use big data analytics on source of attacks to get an idea of the number of IoT devices worldwide. And track it’s growth over the years?

8. RootCon is a Security Talent recruitment ground
Security firms (local and international) littered the event looking for people to hire. Local talents were sizing up the firms to see which companies to apply to. Pity that other talented hackers who couldn’t afford the registration weren’t in attendance. Maybe RootCon’s Dax could come up with a “Fellowship” award to help defray the cost and enable financially strapped but talented people to join the fun?

9. How Hacker Jeopardy is played
RootCon has a traditional closing event. This is the Hacker Jeopardy where each team chooses a category and level of difficulty. Each choice has an associated number of beer glasses/shots. If they win, all the other teams have to drink that amount of beer. If they lose, they drink the stated number. Needless to say, due to intoxication, it is rare for the contest to get past level 2. With hacker jeopardy babes like this pouring your drinks, who could resist?

Things I learned at RootCon 2016 | 2016.mb.com.ph

Things I learned at RootCon 2016 | 2016.mb.com.ph

No, not you Lawrence.