
National Security

"There is no world of absolute, complete privacy or a world of complete national security."
Andrew McCabe
World Of Cybersecurity Disrupts – Leaders' Speak

Troels Oerting, Chairman - Cyber Security, World Economic Forum:
"Cyber security is a 'Trust' issue & trust is what customers, regulators and citizens want."

Robert Mueller, Ex Director FBI:
"There are only two types of companies: those that have been hacked & those that will be."
Election Systems Cyber Threats

• Voter Data Manipulation: Access and change voter registration databases in advance.
• Social Media Threats: Creating paranoia and anarchy through false threats.
• Ransomware: Attack that freezes up local voter databases.
• Day-of-Vote Interruption: Problems with the devices' connectivity, underlying voter data & check-in challenges slowing the vote count.
• Actual Vote Manipulation: Changing digital vote counts.
• Distributed Denial of Service Attacks: DDoS attacks on election infra.
• Messing with Reporting: Hijacking news websites or social media accounts & reporting false results.
• Voter Targeted Disinformation: Shape public discourse on topics using Deepfakes & social engineering.
• Infrastructure Attacks: Attacks on power grid, water, and prevent people from getting to the polls.
• Hack and Dump: Hack and weaponize information during elections.
• Misleading Voting Info: Spoofed web domains to distribute incorrect voting information.
Data Theft in 2020

Top Causes For Data Theft:
• Malware
• Insider Threats
• Social Engineering
• Too Many Permissions
• Weak and Stolen Credentials
• Back Doors, Application Vulnerabilities
• Old, Unpatched Security Vulnerabilities
• Human Error & Improper Configuration
• Physical Theft of a Data-Carrying Device


Nation State Attack December 2020 – Hacker Group Cozy Bear (APT29)

Analysing The Attack:
• Software supply chain attack.
• Avoided detection by behavioural monitoring tools.
• Inserted additional tools using file-less malware.

The Solution:
A combination of behavioural analysis tools, blacklisting, and in-memory active protection to prevent attacks.

Compromised Govt. Entities:
• U.S. Homeland Security
• U.S. Department of Defense
• U.S. Department of Treasury
• U.S. Department of Commerce
• U.S. Department of Justice
• NATO
• European Parliament
Introduction - Our Experience with Cybersecurity

Our Learning Ecosystem & Building Services

Capabilities:
• In Memory Attack Protection
• IOT / OT Security
• AI Based Cyber Defense
• Data Protection & privacy
• Strategic Geo Location
• Identity Governance
• Employee Security Awareness
• End Point Security
• Email Security
• Social Media Monitoring
• Digital Forensics
• Anti-Drone
• Cyber Security

Organisations worked with:
• FBI (USA)
• Unit 8200 (Israel Defense)
• Cyber Incubation (Israel)
• World Economic Forum
• US Dept Of Defense
• GCHQ (UK Govt.)

Cyber Alliances – Military Grade Security
Cyber Partners: UK, France, Israel, Sweden, Switzerland
Key Government Services

• Open-Source Intelligence (OSINT)
• Submarine Cable Monitoring
• Mobile Intrusion
• IP Hijacking
• Digital Forensics

Experience Working With - OEM Cybersecurity Products: SPANUGO

Top Challenges For Governments & Call For Action
Govt & Telecom Security Services

Social Media Web Monitoring
Tracking internet activities at the national level, and maintaining a long-term, big-data, searchable metadata archive of internet communications, allowing retrospective investigation activities whenever needed.

Strategic Geo location
Establish a national level platform with the ability to pinpoint, alert and find any individual(s) within an acceptable geographical range who are communicating using the operator's own cellular networks, and finally present meaningful results plotted on a user defined map as required by LEAs.

Illegal VPN Detection, Surveillance & Blocking
Real-time inspection of internet communications, oriented to blocking and signalling unwanted traffic of any kind (VPN, specific web sites, specific social media, undesired traffic content types).

Data Retention – CDR
Track telecommunications and positions of all the national network users (both within and outside the country) and maintain a multi-year intelligence database allowing forensics activities and investigation.

Digital Forensics
To establish a Digital Forensic Lab to extract data from digital evidence, process all data into useful information, and present the findings for prosecution. This entails using sound forensic techniques to ensure that the findings are admissible in court.
Govt & Telecom Security Services Contd…

Traffic Analysis & Visualization of IPDR (Internet Protocol Detail Record)
Track internet activity at the national level, and maintain a long-term, big-data, searchable archive of internet communications metadata, allowing retrospective investigation activities whenever needed.

Submarine Cable Monitoring (SCMS)
Establishment of all necessary equipment and facilities in all landing stations of a country with a view to monitor, analyse, enrich, and control the total data flow coming IN and going OUT from that country.

Anti Call Spoofing
Implement an integrated system to detect, block and generate alerts for spoofed calls, in both GSM and IP networks.

Speech To Text & Voice Biometrics
To collect, collate, analyse and disseminate to LEAs all information that will pinpoint any given target (individual, group or organization) who is an active or passive threat to National Security.

Open-Source Intelligence (OSINT)
To collect, collate, analyze and disseminate information to LEAs on any given identified threat to National Security. Leverage coverage of dark web sources to gain visibility & identify threat actors.
Govt & Telecom Security Services Contd…

Mobile Intrusion for iOS & Android
Gain access to targeted iOS and Android devices through Zero-Click Infection.

Very Small Aperture Technology (VSAT) Interception System
Automatically monitor, detect, identify & intercept VSAT networks and extract the real time content/metadata.

Anti-Drone Surveillance System
Detect Drone/Quad-copter/UAV, take control and eliminate/destroy/force land at the desired location.

IP Hijacking & DNS Poisoning Protection
IP Hijacking: Prevent IP Hijacking and Man-In-The-Middle attacks on Government entities in near real-time. Detect and mitigate hijack attacks.
DNS Poisoning: Alert against DNS cache corruption, DNS hijack, and DNS tapping.
IP Hijacking Case Study - 1

Traffic from Great Britain, Sweden, Italy, Belgium and Google Cloud en route to Cogent, a US Tier 1 Provider, was hijacked via several European Internet Exchanges to Russia via Rostelecom.

IP Hijacking Case Study - 2

Traffic originating in Italy on its way to Vietnam was being hijacked to China. Additionally, traffic originating in many other locations throughout Europe and North America destined for the same Vietnamese ministry was also being hijacked to China.

[Figure: multiple origins of traffic (depicted by squares) destined for Vietnam. Any square not coloured in green portrays traffic being deflected via China.]
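Both case studies are route hijacks that a network operator can spot from its own BGP feed: an origin AS that no ROA authorises for the prefix, a more-specific announcement beyond what the ROA allows, or a path that suddenly transits a network the baseline never used. The following detector is an added example, not code from the deck or its vendor; every prefix, ASN and announcement in it is constructed (documentation and private ranges), standing in for the Tier 1 provider, the ministry's block and the deflecting transit networks of the two cases.

```python
from ipaddress import ip_network

# ROA-style table of authorised origins: prefix -> (origin AS, max prefix length).
# Prefixes and ASNs are constructed (documentation and private ranges), not real allocations.
ROAS = {
    "203.0.113.0/24": (64512, 24),   # stand-in for a customer block behind the Tier 1 provider
    "198.51.100.0/22": (64513, 22),  # stand-in for the ministry's block
}
# Transit ASNs that never appear in the baseline paths to these prefixes (constructed).
WATCHED_TRANSIT = {64600: "foreign-transit-A", 64601: "foreign-transit-B"}

def covering_roa(prefix):
    """Return the (origin AS, max length) entry whose prefix covers `prefix`, or None."""
    net = ip_network(prefix)
    for roa_prefix, entry in ROAS.items():
        roa_net = ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            return entry
    return None

def classify(prefix, as_path):
    """Findings for one announcement (as_path: leftmost = peer, rightmost = origin AS); [] = matches baseline."""
    findings = []
    origin = as_path[-1]
    roa = covering_roa(prefix)
    if roa is None:
        return ["no ROA covers %s" % prefix]
    authorised_origin, max_len = roa
    if origin != authorised_origin:                 # origin hijack
        findings.append("origin AS%d not authorised for %s (expected AS%d)"
                        % (origin, prefix, authorised_origin))
    if ip_network(prefix).prefixlen > max_len:      # more-specific beyond what the ROA allows
        findings.append("more-specific %s exceeds ROA max length /%d" % (prefix, max_len))
    for hop in as_path[:-1]:                        # deflection through a watched transit AS
        if hop in WATCHED_TRANSIT:
            findings.append("path transits AS%d (%s)" % (hop, WATCHED_TRANSIT[hop]))
    return findings

# Constructed feed: a legitimate route, an origin hijack, and a more-specific deflected via a watched transit.
FEED = [
    ("203.0.113.0/24", (64700, 64512)),
    ("203.0.113.0/24", (64700, 64600, 64999)),
    ("198.51.100.0/24", (64700, 64601, 64513)),
]

if __name__ == "__main__":
    for prefix, path in FEED:
        print(prefix, path, classify(prefix, path) or "ok")
```

In practice the ROA table would come from an RPKI validator and the baseline transit set from the operator's own historical routes; the classification logic stays the same.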
Mobile Intrusion

Communication Model:
Communication to and from the handler should take place through three or four intermediate offshore hops.

Campaign Execution Model:
[Figure: the diagram demonstrates the total number of steps required to be performed while creating a new target campaign.]
Data To Be Exfiltrated

Device:
• Calls, Call logs, SMSs
• Location, GPS
• Contact list
• Device model with OS version and build version
• List of installed applications
• Battery status
• Images, Video files, Audio files, Other files
• IMSI, IMEI and other identifiers
• Screenshots
• Keylogger

WhatsApp:
• Text messages
• Calls - audio available only
• Voice note
• Images, Video files, Other Files

WeChat:
• Text messages
• Calls - audio available only
• Images, Video files, Other Files

Chrome:
• Browsing history
• Cookies
• Bookmarks

Signal:
• Text messages
• Calls - audio available only
• Voice note
• Images, Video files, Other Files

Telegram:
• Text messages
• Calls - audio available only
• Voice note
• Images, Video files, Other Files
Open Source Intelligence (OSINT)

Profiler quickly and effectively unmasks anyone, anywhere and creates a robust profile of the individual based on the total sum of their digital footprints.

• Names
• Usernames
• Date of Birth
• Photographs
• Associated Content
• Phone Numbers
• IMSI Number
• E-mail Address
• Social media accounts
• Breached e-mail passwords
• Social Media content feeds
• Associated Web Presence
• Related persons
• Historical Geo-Analysis
• Related Organizations
Sophisticated attacks Blocked: Stuxnet, Black Energy, WannaCry, Havex, Industroyer, Triton

[Figure: Attack Propagation across the network levels. Recoverable stages:]

Entry – External Users / Corporate IT Network:
• Malware infected devices, Infected USB
• Malicious scripts / documents
• Compromised Web Credentials, Credential phishing, Steals VPN login, Rogue login
• Cross-site scripting (XSS)
• Social engineering
• Installs malware

Level 3 – Operations (Historian, Info Server):
• DLL injection, Buffer error
• Installs RAT, Opens backdoor for remote C&C
• Pivots to other machines, Hijacks control
• Privilege escalation, Memory attack
• Pivots to OT Network

Level 2 – Process Network (HMI, SCADA, Local OT Network):
• Deposits Trojan (Eternal Blue)
• Pivots to sensitive machines in OT, Finds more vulnerabilities, Pivots to engineering workstations
• Corrupts registry, Rogue processes
• Discovers ICS systems / controllers, Installs drivers
• Encrypts files for ransom

Level 1 – Control Network (PLC):
• Changes PLC settings, Modifies firmware, Installs firmware
• Flips relays, Opens breakers
• Executes rogue PLC commands
• Industrial espionage
• Damages systems, Damages equipment, Power outages
Innovation in Digital Risk & Cybersecurity

Innovation In Cyber Vigilance:
• Dark Web & Deep Web, OSINT
• Attack Surface
• Sensitive Data Leaks
• Cloud Infrastructure
• Brand
• Third Party Supplier Risk
• Visibility
• Incident Response
• Negotiation As a Service

Innovation In Cyber Vigilance

01 Darkweb and Open Internet Intelligence: Identify key cybersecurity events collected from 15 Bn+ pages on the Internet and 120 Bn data points from darkweb.
02 Cybercrime Monitoring and Hunting: Detailed reports on 400+ threat actors and their TTPs, 700+ malware operations. 35+ Cybercrime markets monitored.
03 Attack Surface Detection: Discover unknown vulnerable assets such as exposed objects, code leakages and associated risks.
04 Brand Reputations Monitoring: Detect imprecise domains, malware campaigns related to an organization.
05 Third Party Cyber Scoring: Assess the cyber risks associated with your 3rd parties.
Digital Brand Management: Social Media Analytics

• Twitter Analytics: Influencers, Most talking, engagement, Followers, Demographics, Tweet level analytics
• Facebook Insights: Likes, Posts Analysis, Page Analysis, Engagement, Demographics
• Instagram Analytics: Story level analytics, Followers, Engagement, Demographics
• YouTube Analytics: Video views, Engagement, Watch time
• LinkedIn Analytics: Followers, Engagement, Post Analysis
• Competition Analytics: Facebook, Twitter, Instagram
Innovation – Advanced Cyber

Infecting air-gapped computers

• Generating Covert Wi-Fi Signals from Air-Gapped Computers
  Demo video: https://www.youtube.com/watch?v=vhNnc0ln63c

• Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers (Air-Gap bypass)
  Demo video: https://www.youtube.com/watch?v=VTTq-wBFu-o

• Leaking Private Keys from Air-Gapped Cryptocurrency Wallets
  Demo Video: https://youtu.be/ddmHOvT866o

Thank You
