Monthly Archives: November 2017

CERT-EE is looking for monitoring specialists and security experts

INFORMATION SECURITY EXPERT

The main tasks:
• Information security incident investigation, solving and technical analysis;
• Network monitoring;
• Threat and vulnerability monitoring, reaction and solving;
• Development of technical solutions;
• Log analysis;
• Performing tasks of international contact point in incident investigation and solving.

MONITORING SPECIALIST

The main tasks:
• Information security incident monitoring and management 24/7.
• Incident monitoring and management of RIA services and state networks;
• Tracking of information security news and compilation of summary;
• Performing tasks of international contact point in incident investigation and solving.

If you think that you are the person we are looking for, send your CV together with suggested amount of salary to klaid@cert.ee until 05.12.2017.

Links:
https://twitter.com/CERT_EE/status/933023046927077376
https://cybersec.ee/wp-content/uploads/2017/11/CERT_seirespetsialist.jpg
https://cybersec.ee/wp-content/uploads/2017/11/CERT_infoturbeekspert.jpg

Security Software OÜ is looking for security operators

We are looking for a competent security operator to undertake the surveillance of our customers IT systems, networks, servers, and operate the security measures of our customers. You will be responsible for detecting any suspicious network behavior and reacting accordingly. The ideal candidate will inspire respect and authority as well as possess a high level of observation.

Responsibilities:
• Patrol system logs for threats
• Respond to alarms by investigating and assessing the situation
• Remove hackers, trespassers, and policy violators from network
• Work with customer IT staff to secure all endpoints, network devices, servers, services, and IoT
• Provide assistance to customer IT staff
• Apprehend and detain perpetrators
• Submit periodic reports of surveillance activity and important occurrences

Soft skills & personality:
• Sharp mind, act fast
• Investigative mindset
• Tech-savvy
• Dealing with uncertainty

Technical knowledge (work experience or learning):
• Networks – good understanding of how computer networks work
• Windows – yes – people use Windows
• Linux – yes – people use Linux
• Scripting – comfortable working with PERL

Links:
https://secsoft.ee/wp-content/uploads/2017/11/SECURITY-OPERATOR.pdf

Seminar on secure SSL load balancer configuration

Santa Monica Networks and F5 invites you to attend the morning seminar on November 17 at 08:30 – 12:30 at the LIFT99 event center. At the seminar, we will look at how the F5 SSL Orchestrator works, and discuss the typical errors that are being encountered in setting up the load balancer.

Day plan:
08:30 – 09:00 Morning coffee and check-in
09:00 – 10:30 F5 Networks SSL Orchestrator – how does it work, what does it do?
Continuing this year’s Security Day seminars on HTTPS visibility and F5 SSL Orchestrator themes, you can now learn about SSLO setup options and its functionality from a technical demo.
– Tarmo Mamers | Network Security Specialist @ Santa Monica Networks
10:30 – 10:45 Coffee break
10:45 – 11:30 Load balancer to identify a person – what could go wrong there?
Typical errors that occur when setting up the load divider. By living examples, it turns out how criminals can exploit such weaknesses and can be done by each network gatekeeper to prevent such errors.
– Mait Peekma | Pentester, trainer @ Clarified Security
11:30 – 12:30 Lunch @ F-Building
Seminar presentations are in Estonian

Because we remember how misconfiguration of F5 SSL load balancer used by SEB and Swedbank allowed to bypass ID card authentication.

Links:
https://www.eventbrite.com/e/f5-avab-https-liikluse-mis-edasi-saab-hommikuseminar-tickets-39077653313

Russian student accused of penetrating state systems on the orders of FSB

This past weekend, Estonian Internal Security Service agents at the border checkpoint in Narva arrested a man on his way to Russia suspected of acting as an agent for the Federal Security Service of the Russian Federation (FSB). The Russian citizen is suspected of non-violent activities against the Republic of Estonia and the preparation of computer-related crime. The targets in his activities against Estonia were Estonian state agencies.

The suspect is a young man with a very high IT skills proficiency. He arrived in Estonia «some time ago» with a valid visa. This was supposed to dispel all suspicions. The Estonian Internal Security Service (KAPO) believes the man was instructed by the FSB on what to do and take interest in while still in Russia. The young man was supposed to use his skills to find weaknesses in the computer networks of Estonian state agencies. Because KAPO needed proof of the agents actions, and because there was no direct and acute threat to the state, the agency placed the spy under surveillance and allowed him to continue his activities. Postimees has been told that all attempts by the IT specialist to penetrate Estonian networks failed. The man was apprehended a few hundred yards from the Russian border in Narva while on his way back during the weekend.

Story by the Russian news agency 47news.ru:

On suspicion of cyber espionage, the special services of Estonia detained a 20-year-old student from Kingisepp – Aleksei Vasilev. He was called an agent of the FSB. And 47news believes that so treacherous neighbors want to humiliate our State security.

As far as it is currently known, Aleksei from age 16 to 19 studied in the Estonian college (Ida-Virumaa Vocational Education Centre). Then a year he worked in Russia, at age 19 he returned to Estonia and started studies (in Virumaa College of TUT) as a programmer. In Estonia he resided on the basis of student’s residence permit.

With the Aleksei’s 38-year-old mother, Elena Pesovets, the embassy already talked. She is also a resident of Kingisepp. The 47news also talked with Elena.
– Aleksei graduated from some kind of a specialized class?
No, the usual Kingisepp school. Nine classes. Then he went to Sillamäe College (Ida-Virumaa Vocational Education Centre) to study as a programmer. Then for the higher education in Kohtla-Jarve (Virumaa College of TUT). He planned to work in profession.
– But why he did not try to study in Petersburg?
In St. Petersburg, tuition fees must be paid, but in Estonia it is free.
– But to work, to build a career he planned in Russia?
He did not think about it yet, he wanted to get the higher education, and after that to choose.
– Did he had any problems with the Estonian language?
He does not know Estonian well. But in Sillamäe and Kohtla-Järve studies are in Russian. It was not required to know Estonian to study.
– Computers are his main hobby?
Yes, he was fond of computers. But his friends, like for every guy – classmates. He does not smoke, does not drink alcohol, does not rove. Every weekend he came home. He has two brothers. All the time at home with them.
– And he lived on a scholarship or worked part-time somewhere?
He got a scholarship, and I gave him money. Like all students.
– Did you spoke with your son?
There is no connection. No possibilities to meet. I am preparing the documents. I only know one thing: my son is not a criminal.

In this story there is an incomprehensible or unpleasant yet nuance. When, after detention, an employee of the Russian embassy arrived at the detention center, instead of Aleksei, a police officer came out. He acquainted our diplomat with the paper signed by the detainee. In it, Aleksei says that he is acquainted with his rights, but he does not need the services of the embassy. But most likely, this is a childish step.

Links:
http://news.err.ee/641144/estonia-s-internal-security-service-arrests-fsb-agent-at-border-in-narva
https://news.postimees.ee/4301995/estonian-officials-detain-suspected-russian-fsb-agent
https://news.postimees.ee/4304097/fsb-agent-tried-to-penetrate-computer-networks
http://news.err.ee/642040/russian-consul-to-meet-with-alleged-fsb-agent-arrested-in-narva
http://47news.ru/articles/129730/
http://www.delfi.ee/news/paevauudised/eesti/arvatav-fsb-agent-oppis-ttu-virumaa-kolledzis-tootmise-automatiseerimise-erialal?id=80143588
http://www.delfi.ee/news/paevauudised/valismaa/mis-portaal-on-arvatavast-fsb-agendist-kirjutav-47newsru?id=80133554
http://www.delfi.ee/news/paevauudised/valismaa/eesti-piiril-vahistatud-fsb-agendi-ema-mu-poeg-ei-ole-mingi-kurjategija?id=80133274
http://www.delfi.ee/news/paevauudised/krimi/fotod-vene-portaal-narvas-kinnipeetud-arvatav-fsb-agent-on-20-aastane-noormees-kes-oppis-eestis-programmeerijaks?id=80132390
http://epl.delfi.ee/news/eesti/kas-vahistatud-fsb-agent-uritas-tungida-eesti-riigiasutuste-arvutisusteemi?id=80089576
http://www.delfi.ee/news/paevauudised/krimi/arvatav-fsb-agent-oli-kutsekoolis-oppides-viks-ja-viisakas-soprade-hinnangul-aus-ja-kohusetundlik?id=80147726
https://geenius.ee/uudis/kirglikust-arvutimangurist-luureagendiks-erakordne-see-et-onnestus-toestada-side-fsbga/
http://news.err.ee/642503/russian-embassy-puzzled-by-allegations-of-arrested-russian-being-fsb-agent
http://epl.delfi.ee/news/arvamus/urmas-sutrop-fsb-puuab-oma-arvatavast-agendist-teha-kannatajat-keda-koik-lausa-peavad-armastama-head-poega-ja-leebet-melomaani?id=80153888
https://news.postimees.ee/4333375/arrests-take-romance-out-of-spying

Using the Estonian Electronic Identity Card for Authentication to a Machine

Abstract: The electronic chip of the Estonian ID card is widely used in Estonia to identify the cardholder to a machine. For example, the electronic ID card can be used to collect rewards in customer loyalty programs, authenticate to public printers and self-checkout machines in libraries, and even unlock doors and gain access to restricted areas.
This paper studies the security aspects of using the Estonian ID card for this purpose. The paper shows that the way the ID card is currently being used provides little to no assurance to the terminal about the identity of the cardholder. To demonstrate this, an ID card emulator is built, which emulates the electronic chip of the Estonian ID card as much as possible and is able to successfully impersonate the real ID card to the terminals deployed in practice. The exact mechanisms used by the terminals to authenticate the ID card are studied and possible security improvements for the Estonian ID card are discussed.

The TLDR; of the paper is that when the ID card is used to authenticate to a machine (unless PIN1/PIN2 is involved), the ID card does not provide additional authentication factor. This is not a surprise to anyone who is familiar with the technology, but some still believe that ID card provides some security over the magnetic-stripe card.

The paper describes proof-of-concept implementation of non-cryptographic “ID card emulator” and demonstrates transplantation of the fake chip to a real ID card.

Links:
https://eprint.iacr.org/2017/880.pdf
https://kodu.ut.ee/~arnis/EstEID_keycard_slides.pdf

Women in Cybersecurity Conference

NB! Our event is directed towards both men and women, already in the world of IT and also outside of it.

Speakers :
– Karina Egipt — Identity Impact Manager at Nortal, Estonian Information Technology College
– Sille Laks — CERT Estonia
– Karen K. Burns — Director, Consulting – Cybersecurity, AS CGI Eesti
– Anna-Maria Osula — Legal researcher at the NATO Cooperative Cyber Defence Centre of Excellence
– Jaanika Merilo — Vice Mayor of Dnipro, Advisor to Minister of Infrastructure and Transportation and Mayor of Lviv
– Birgy Lorenz — TTÜ teacher, general promoter of IT in Estonia, CyberOlympics organiser
– Kaie Maennel — Cybersecurity PhD student at TUT, Cyber forensics graduate, Deloitte auditor
– Shaymaa Mamdouh —TUT Cyber Security student, mother

The conference entitled Women in Cybersecurity, which will take place at Tallinn University of Technology on 11th of November 2017, will aim to draw attention to the disproportionately smaller amount of women compared to men in the field.

We will discuss the potential of women taking a leading role in addressing the problem. Panelists are invited to speak about the importance of gender equality in this very field, tell about women leadership, career perspectives in Cyber Security and how the environment supports women. They are also invited to share their fields of interests and research as professionals.

Our team would like to introduce these three branches of cybersecurity:
• Governance and NGO’s;
• Business and Technology;
• Academia.

Women studying Cyber Security in Estonia will be invited also and will be able to present their stories the same way the keynotes will be at the Poster Session. The poster of each woman will tell their story of how they came to cybersecurity, what inspires them the most, the difficulties they’ve met and their field of interest. Women presenting their posters will be granted a certificate and are more than welcome to share theri experience in their CVs in future. Participants will be able to interact with the story-tellers during the time allocated.

We believe that the mission for women in IT and Cyber Security is to help illuminate the path for progress.

Links:
https://www.facebook.com/events/293943887776558/