July 10-14, 2017, Estonian Information Technology College, Tallinn
The main focus of this year’s Cyber Security Summer School will be social engineering. With experts from all faculties, including computer science, law, criminology, forensics and psychology, the Summer School tries to give an impression of how and why social engineering works, how to prevent social engineering and how to find evidence of social engineering attacks.
Speakers:
Dirk Labudde, The University of Applied Sciences Mittweida, Germany
Jeffrey Moulton, Louisiana State University, USA
Sandra Matz, University of Cambridge Psychometrics Centre, UK
Vesselin Popov, University of Cambridge Psychometrics Centre, UK
Monday, July 10th
08:00 – 09:00 Registration. Breakfast at IT College bitStop Cafe
09:00 – 09:30 Welcome by the organizers. Practical information
09:30 – 10:30 Introduction of the speakers and mentors. Allocation of teams
10:30 – 11:00 Coffee break
11:00 – 12:30 Talk by Freddy Dezeure “Main Cyber Threats Affecting Our Society and How Your Social Footprint Helps the Adversary”
12:30 – 13:30 Lunch break at IT College bitStop Cafe
13:30 – 14:30 Talk by Aunshul Rege “Tainted Love: Social Engineering at Dating Websites”
14:30 – 15:30 Cases by Kieren Niĉolas Lovell
15:30 – 16:00 Coffee break
16:00 – 17:00 Introduction to CTF. Introduction of CTF-teams
17:30 – 20:00 Dinner and welcome party at IT College bitStop Cafe
Tuesday, July 11th
08:00 – 09:00 Breakfast at IT College bitStop Cafe
09:00 – 10:00 CTF-team-time
10:00 – 11:00 Talk by Didier Meuwly
11:00 – 11:30 Coffee break
11:30 – 12:30 Talk by Vesselin Popov on Big Data, Psychometrics and Profiling
12:30 – 13:30 Lunch break at IT College bitStop Cafe
13:30 – 14:30 Social Engineering Talk by Dirk Labudde
14:30 – 15:00 CTF-team-time
15:00 – 15:30 Coffee break
15:30 – 16:15 Talk by Tobias Eggendorfer: How (not) to be phished
16:15 – 17:00 CTF-team-time
17:30 – 18:30 Dinner at IT College bitStop Cafe
Wednesday, July 12th
08:00 – 09:00 Breakfast at IT College bitStop Cafe
09:00 – 09:30 Presentations by CTF-teams on their results
09:30 – 10:30 Hands on Session by Dirk Labudde (Part 1)
10:30 – 11:00 Coffee break
11:00 – 12:30 Hands on Session by Dirk Labudde (Part 2)
12:30 – 13:30 Lunch break at IT College bitStop Cafe
13:30 – 15:00 Talk by Ralph Echemendia
15:00 – 15:30 Coffee break
15:30 – 16:15 Talk by Aleks Koha and Leonardo Romanello on Tools against Social Engineering
16:15 – 17:30 Briefing on the morning presentation, status update on the flags and CTF-team-time
17:30 – 18:30 Dinner at IT College bitStop Cafe
Thursday, July 13th
08:00 – 09:00 Breakfast at IT College bitStop Cafe
09:00 – 10:30 CTF-team-time
10:30 – 11:00 Coffee break
11:00 – 12:30 CTF-team-time
12:30 – 13:30 Lunch break at IT College bitStop Cafe
13:30 – 15:00 Talk by Jeffrey Moulton “Privacy in the Digital World”, “This is Personal – Part II, The Internet of You”
15:00 – 15:30 Coffee break
15:30 – 17:30 CTF-team-time
18:30 Bus transfer IT College – city centre
19:00 – 22:00 Reception dinner in the Crown Hall of the Tallinn Teachers’ House (Tallinna Õpetajate Maja) at the Town Hall Square (Raekoja plats 14).
22:30 Bus transfer city centre – IT College
Friday, July 14th
08:00 – 09:00 Breakfast at IT College bitStop Cafe
09:00 – 09:30 Status of CTF-Teams
09:30 – 10:00 Last flags for CTF
10:00 – 12:30 Presentations by CTF-Teams on their results
12:30 – 13:30 Lunch break at IT College bitStop Cafe
13:30 – 15:00 Report writing and feedback
15:00 – 15:30 Coffee break
15:30 – 16:30 Announcing the winner of CTF. Wrap-up, defusing, feedback to the organizers
16:30 – 17:30 Dinner at IT College bitStop Cafe
Guardtime to design new NATO Cyber Range platform
Guardtime announced today that they have been awarded a contract by the Estonian Ministry of Defence under the auspices of NATO to design the next generation NATO cyber range. The new range design will considerably enhance NATO’s cyber, electronic warfare and intelligence, test, rehearsal, and mission refinement capabilities and promote effective cooperation and collaboration of state of the art tools, techniques, and procedures (TTP) to provide NATO range users with a credible capability and options for blue and red team planning activities.
Martin Ruubel, President of Guardtime Estonia said: “When designing and building the defence focused exercise ranges, Guardtime always aims at the principle: “We train as we fight”. For NATO we will provide a state of the art flexible, operationally relevant and representative environment design that enables integrated simulation and training and collaboration for a wide variety of blue and red team cyber mission exercise areas, enabling NATO cyber range users the ability to securely collaborate and refine their tools and tactics.”
It is interesting that Guardtime, a company known for blockchain-based log integrity solutions, has the ambition to design the new NATO Cyber Range platform. It seems that Guardtime plans to become a general-purpose cyber security service provider.
Links:
https://guardtime.com/blog/guardtime-awarded-contract-for-nato-cyber-range
http://bravenewcoin.com/news/blockchain-developers-guardtime-to-design-next-generation-nato-cyber-range-capability/
Estonian Voting Verification Mechanism Revisited (Again)
Two papers on the topic. The first:
Abstract: After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices [..] However, the verification phase ends by displaying the cast vote in plain form on the verification device. [..] In this respect, we propose an alternative verification mechanism for the Estonian i-voting system to overcome this vulnerability.
The second:
Abstract: Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. In addition, the proposal would seriously harm usability of the Estonian vote verification scheme.
TL;DR: Turkish researchers see a privacy risk in the verification process, which lets the voter’s mobile device learn for whom the vote was cast. Estonian researchers, in the counter paper, argue that the proposed improvements do not solve the issue and instead decrease the security of the scheme.
Links:
https://eprint.iacr.org/2016/1125
https://eprint.iacr.org/2017/081
International Conference on Cyber Conflict: Junior Scholar Award 2017
The 9th International Conference on Cyber Conflict, focusing on the theme Defending the Core, invites junior scholars to submit Master’s theses for the Junior Scholar Award. The purpose of this CyCon 2017 award is to encourage and reward research on a wide range of topics related to cyber defence.
Candidates who have graduated with a Master degree or equivalent after 01 January 2015, in studies such as law, computer or political science or other relevant academic fields are eligible. The finalists of the CyCon 2017 Junior Scholar Award will be notified no later than 28 April 2017 and granted full free entry to the conference. Accommodation and travel expenses will not be covered.
All finalists will present their Master’s thesis results in a 15-minute presentation in the Junior Scholar conference session. An Award Committee will evaluate the presentations and can grant the following awards:
1st place: 1000 Euro
2nd place: 600 Euro
3rd place: 400 Euro
There are quite a few MSc theses tracked by this resource that would definitely qualify for the award. The application deadline is 20 March 2017.
Links:
https://ccdcoe.org/cycon/junior-scholar-award-2017.html
Estonian delegation answers to EU encryption questionnaire
The Council of the European Union has prepared a questionnaire to map the situation and identify the obstacles faced by law enforcement authorities when gathering or securing encrypted e-evidence for the purposes of criminal proceedings. These are the answers from the Estonian delegation, obtained through a public information request:
1. How often do you encounter encryption in your operational activities and while gathering electronic evidence/evidence in cyber space in the course of criminal procedures?
o often (in many cases)
2. What are the main types of encryption mostly encountered during criminal investigations in cyberspace?
o HTTPS, TOR, P2P / I2P, e-communications (through applications such as Skype, WhatsApp, Facebook, etc.)
o offline encryption – encrypted digital devices (mobile phone / tablet / computer), encrypting applications (TrueCrypt / VeraCrypt / DiskCryptor, etc.)
3. Under your national law, is there an obligation for the suspects or accused, or persons who are in possession of a device/e-data relevant for the criminal proceedings, or any other person to provide law enforcement authorities with encryption keys/passwords?
o No. Pursuant to Article 215 of the Criminal Procedure Code, investigative authorities and prosecutor’s offices can order the production of data from any person. Suspects and accused persons do not have to disclose encryption keys/passwords.
5. Under your national law, is it possible to intercept/monitor encrypted data flow to obtain decrypted data for the purposes of criminal proceedings? If so, is a judicial order (from a prosecutor or a judge) required?
o Yes. §126.7. Wire-tapping or covert observation of information.
8. Do you consider that your current national law allows sufficiently effective securing of e-evidence when encrypted?
o Yes. Current legislation to gather evidence can be considered sufficient. The challenges related to encryption are more or less of a technical nature.
10. In your view, will measures in this regard need to be adopted at EU level in the future?
o practical (e.g. development of practical tools for police and judicial authorities)
o improve exchange of information and best practices between police and judicial authorities
o create conditions for improving technical expertise at EU level
Basically, the Estonian delegation’s answers can be read as “not interested in EU-level crypto backdoors”. Which is good, but it could have been said more explicitly.
There are positive signs at EU level of opposition to legislation mandating backdoors:
Andrus Ansip, the Commission vice president in charge of the EU’s technology policies, has said he opposes laws that force companies to create backdoors to weaken encryption.
Europol, the EU law enforcement agency, and ENISA, the agency in charge of cybersecurity, signed an agreement in May opposing laws that strongarm firms into providing backdoors.
Links:
https://www.asktheeu.org/en/request/3347/response/11727/attach/5/Encryption%20questionnaire%20ESTONIA.pdf
https://www.techdirt.com/articles/20161127/18352736140/encryption-survey-indicates-law-enforcement-feels-behind-tech-curve-is-willing-to-create-backdoors-to-catch-up.shtml
http://www.euractiv.com/section/social-europe-jobs/news/five-member-states-want-eu-wide-laws-on-encryption/
PhD thesis: “Software Technology for Cyber Security Simulations”
Andres Ojamaa PhD thesis: “Software Technology for Cyber Security Simulations”
Defense date: 15.12.2016
Supervisors:
Enn Tõugu, D. Sc., Institute of Cybernetics Tallinn University of Technology, Tallinn, Estonia
Jaan Penjam, PhD, Institute of Cybernetics, Tallinn University of Technology, Tallinn, Estonia
Opponents:
Margus Veanes, PhD, Research in Software Engineering (RiSE) Group Microsoft Research, Redmond, USA
Christian Czosseck, PhD, Head of Laboratory at CERT Bw, Germany
Summary:
The goal of the work is to develop smart cyber security simulation tools. This includes methods, technology and freely available software tools for cyber security simulation that will be applicable to a wide set of problems and will be economical and time-efficient, while still providing the required precision.
Links:
https://digi.lib.ttu.ee/i/?7088
https://ttu.ee/news/events/research-32/phd-defences/defence-of-the-phd-thesis-158/
Case study on Estonian public transportation RFID/NFC card security
This report discusses the security of NFC/RFID cards. It first describes the most widely used type of card, MIFARE Classic, and then considers a real-life application, namely Estonian public transportation cards. The communication between a real card reader installed in a Tartu bus and a Tallinn public transportation card is eavesdropped and analysed at a high level.
The report has been published for the UT course “Research Seminar in Cryptography (MTAT.07.022)”.
Links:
https://courses.cs.ut.ee/MTAT.07.022/2016_fall/uploads/Main/yauhen-report-f16.pdf
https://courses.cs.ut.ee/MTAT.07.022/2016_fall/uploads/Main/jan_project_fall_2016.pdf
http://geenius.ee/uudis/kruptograaf-tallinna-ja-tartu-uhistranspordisusteemid-piisavalt-turvalised/
http://geenius.ee/uudis/tudengid-leidsid-et-tallinna-ja-tartu-uhistranspordikaardid-ebaturvalised/
PhD thesis: “Efficient non-interactive zero-knowledge protocols in the CRS model”
Prastudy Mungkas Fauzi PhD thesis: “Efficient non-interactive zero-knowledge protocols in the CRS model”
Defense date: 17.02.2017 – 14:15 (J. Liivi 2-405, Tartu, Estonia)
Thesis supervisor: Lead Research Fellow Helger Lipmaa (Institute of Computer Science, UT)
Opponents:
Associate Professor Ivan Visconti (University of Salerno, Italy);
Dr Carla Ràfols Salvador (University of Pompeu Fabra, Barcelona, Spain)
Summary:
In this work we provide three scenarios where NIZK arguments are relevant: verifiable computation, authorization, and electronic voting. In each scenario, we propose NIZK arguments in the CRS model that are more efficient than existing ones, and are comparable in efficiency to the best known NIZK arguments in the RO model.
Report of Estonian Information Board: International Security and Estonia in 2017
Paragraphs from the “Cyber Threats” section on page 36:
Although the crippling of a critical Estonian infrastructure by a state actor in 2017 is not likely, it is certain that Estonia will remain a target of hostile cyber activity. [..] Considering the cyber attacks that sowed confusion in the US in 2016 and Latvia’s experience in holding the presidency of the European Union in 2015, it is also likely that Estonia will come under increased scrutiny from foreign cyber criminals in the second half of 2017.
As in past years, the Estonian government sector was not unscathed by attacks in 2016. The mailboxes of employees of the Riigikogu (parliament), the Ministry of Foreign Affairs and the Ministry of Economic Affairs and Communications were the targets of phishing attempts. An example of such attacks was an incident in 2016 where an attempt was made to steal information in the possession of a Finnish member of the Bellingcat research group. The information concerned the military conflict in Ukraine and the downing of the MH17 airliner.
I haven’t heard of the phishing attempt against a Bellingcat member in Estonia. The spearphishing example screenshot above actually comes from the ESET report on the Sednit hacking group.
Links:
http://teabeamet.ee/pdf/EIB_public_report_Feb_2017.pdf
http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf
Bitcoin miners found in Pärnu Hospital
Last spring Pärnu Hospital received information that it was involved in massive virtual money, or so-called bitcoin, mining. “Arguably, this was the largest bitcoin miner in the area of Pärnu,” added the source. It turned out that bitcoin mining in the hospital had been performed for nearly two years.
It would be interesting to know how the mining was discovered. There is no place in the Bitcoin ecosystem where one could list the “largest miners in the area of Pärnu”.
The mining was performed by the hospital network administrator and a medical technician, who used six devices in total for this purpose. Some of the equipment was placed in ventilation equipment rooms on the 8th floor. The devices had multiple graphics cards; a smaller Antminer machine ran the Linux operating system from an SD card, and larger servers running Windows Server 2012 were also engaged in mining virtual money.
The medical technician was let go but the network administrator was given only a warning.
RIA will now investigate whether bitcoin mining had security implications:
“Based on media coverage, it cannot be excluded that the case could be a security incident,” said Toomas Vaks, Deputy Director General of the Information System Authority.
Links:
http://tehnika.postimees.ee/4005003/turvarisk-ria-asus-uurima-bitcoinide-kaevandamist-paernu-haiglas
http://geenius.ee/uudis/kruptoraha-ekspert-parnu-haiglas-olnud-masinad-ei-pruukinud-olla-tulutoovad