25th Chaos Communication Congress (25C3) #3
3rd day in Hacker’s Valhalla :)
There’s no doubt about the first talk we’ll attend, “Running your own GSM Network” by Harald Welte and Dieter Spaar. I’ve seen other talks by Harald, and I have to say that he’s a serious hacker; all his talks are really interesting. This year was no exception, and the talk about how to build your own GSM network was really cool. They had bought a GSM base station on eBay, and after several months of reverse engineering they got all the hardware stuff working. After that, they started coding their own software to run a mini-GSM network with that BTS. The results were amazing. During the talk they performed a short demo where we saw their “10101” network name on our cell phones :) Meanwhile they were able to monitor all the GSM traffic from/to our phones, such as voice calls, text messages… simply cool!
The possibilities are endless: if you have the 5k-6k euros that all the hardware stuff costs, you can set up your own network. Think about MiTM attacks where you impersonate another GSM network using your own BTS, or SMS spam attacks, or simply the monitoring of the radio network to collect IMEIs.
At the end of their talk they proposed building a private GSM network for the next CCC, using a temporary demo license: our own 26C3 GSM Network, isn’t it cool? :)
The next talk was about the crypto methods used in eVoting systems, their weaknesses and the viability of using them in general elections. It was very interesting, and I was surprised how easy it would be to fake a vote or the entire election result if some of those crypto methods are used in public elections. The conclusion is that maybe we don’t have the right crypto tools to ensure the reliability of an election right now. Paper ballots in a transparent ballot box, with manual vote counting in front of volunteer witnesses, is the best way… will we be able to perform that process in a secure way in the near future? Let’s see…
More crypto stuff in “An Introduction to New Stream Cipher Designs”. This talk was a review of the cipher algorithms participating in the eSTREAM contest.
After a short break to have a couple of beers ;) I attended the full malware session with two great talks, first “Squeezing Attack Traces” and afterwards “Stormfucker: Owning the Storm Botnet”. I freaked out at the Stormfucker talk; what these guys have done is awesome. They analyzed the Storm botnet trojan, figured out how it works, broke the crypto of the communication channels with the C&C servers… and once they had “owned” the trojan ;) they thought up a plan to shut down the whole botnet using the update feature of the trojan software. They can impersonate a C&C server because they know how the trojan searches for certain file hashes in the P2P network; those files contain the IP addresses of the C&C servers, so they can force the clients to connect to their server, send them the update command, and deliver an executable that cleans the malware off the infected client. They demoed the procedure using the calc.exe executable as the payload for the update command, and it worked like a charm. Nice work! Now it remains to be seen who dares to shut down one of the biggest botnets used by the underground mafia for banking fraud and spam sending.
After that I jumped to the DECT talk, which was almost finished, but I was there when they talked about the next Kismet version, which apparently will have DECT support, and about their software project and its support for the COM-ON-AIR PCMCIA card. It was for sale there for 20 euros, so I got one to play a bit with it and make a DECT-SIP gateway with my Asterisk PBX at home.
The next talk was about NFC (Near Field Communication) phones. Here in Spain NFC is not yet a very popular technology for micro-payments on transport (metro, bus, taxi) or for small purchases; some initiatives based on text messages, such as mobipay, were totally unsuccessful. NFC is an interesting technology, and some use cases were shown with snack machines or train tickets.
I wanted to have something to drink before going to the Cisco IOS talk, so I missed the talk about how to embed malicious payloads in office documents. I was told that the talk was great, but the tools used to embed the malware aren’t released yet. If you have more information on this topic, please leave me a note.
The talk about Cisco IOS rootkits and exploits was awesome. If you’re interested in this topic you have to take a look at their blog. A must for all the lazy Cisco network admins out there, together with the Defcon slides by FX (Phenoelit) on the same topic.
The third day was over… dinner and beers until 4 AM, a short sleep, and get ready again for the last day.
Comments
One Response to “25th Chaos Communication Congress (25C3) #3”
I am happy to read your comments. I am an amateur in security but think I can explore. I would like to understand why mobile networks are said to be very vulnerable for voting. Could you help with hints and references?