Minutes of the security conference RéSIST for October 2016

The second edition for 2016 of the security conference organized by the group RéSIST (Réseaux et Systèmes d'Information Sécurisés à Toulouse) held on October 4, 2016, and was led by Pierre-Yves Bonnetain and Fabrice Prigent.

Firstly an overview of recent security news was presented by Mr Fabrice Prigent (network and security director at TOULOUSE 1 Capitole University), which especially highlighted:

• The massive DDoS attacks suffered by OVH and Krebsonsecurity and launched by the IoT Bot Miraï,
• The disclosure of the Equation Group tools allowing to bypass security features of several network devices from Cisco, Juniper, Fortinet, …, by the Shadows Brokers hackers group,
• The NSA's efforts to impersonate system and network administrators all around the world.

Then two presentations were made: a study on an attack of an industrial radio remote control, and a presentation of the Darkweb. Find below a summary of both presentations.

Attack of an industrial radio remote control:

By: Yves Rutschle (Apsys)

These remotes are used to control cranes that can be found in yards, ports or factories. They are easily purchasable on the web and adaptable to many crane brands. One of them was chosen to be the subject of this study to verify their level of security, and show that it is possible to hack them with relatively cheap materials (PC, radio equipment, radio open source software - GNU radio).

With some skills in radio frequency and in mathematics (signal processing, “transformée de Fourier”), the author of the study shows that it is possible to remotely capture and replay radio control commands on a crane (media presentation here).

The Darknet

By : Damien Teyssier (RSSI CROUS Limoges)

The author of the presentation makes an overview of this parallel network that was yet present in the 70's as "isolated network from Arpanet" (overlay network). He addresses several chapters (media presentation here) starting with volumetric data showing that this network would contain 500 times more data than the surface web.

To access it, and prevent malware or their consequences, specific tools can be used to surf relatively free of troubles (Tor, I2P, TailsOS ...). The author of the presentation also insists on the fact that it is very difficult to remain anonymous when surfing the darkweb because anything can be used to identify an occasional user (its IP address, its browser fingerprints, ...), or a darkweb actor, and used finally against him (here an example of drug dealers that have been successfully tracked down).

Darknet actors are very numerous (2.5 million daily users) and varied, from states (Intelligence), cybercriminals, sellers and libertarians, etc ....

The presentation ended with the question: what can be found there? Actually, many services (sometimes mafia) and associated prices, e-commerce sites, including information which may concern anyone (mail addresses, account credentials, ...).