Slashdot Mirror


TJX Hacker Gives Keynote At 'Offensive' Security Conference

An anonymous reader writes "Two hundred hackers from around the world gathered at a Miami Beach hotel Thursday and Friday for the Infiltrate Security conference, which focuses on systems hacking from the 'offensive' perspective (with slides). In a keynote address, Stephen Watt, who served two years in prison for writing the software used by his friend Alberto Gonzalez to steal millions of credit card numbers from TJX, Hannaford and other retailers, acknowledges he was a 'black hat' but denies that he was directly involved in TJX or any other specific job. Watt says his TCP sniffer logged critical data from a specified range of ports, which was then encrypted and uploaded to a remote server. Brad 'RenderMan' Haines gave a presentation on vulnerabilities of the Air Traffic Control system, including the FAA's 'NextGen' system which apparently carries forward the same weakness of unencrypted, unauthenticated location data passed between airplanes and control towers. Regarding the recent potential exploits publicized by Spanish researcher Hugo Teso, Haines says he pointed out similar to the FAA and its Canadian counterpart a year ago, but received only perfunctory response."

9 of 35 comments

  1. Offense Hacking? by TaoPhoenix · · Score: 2

    How a group like this doesn't get pulled under by Security Theater is beyond me.

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    1. Re:Offense Hacking? by timholman · · Score: 4, Interesting

      How a group like this doesn't get pulled under by Security Theater is beyond me.

      On the contrary, you let groups like this meet and hold their convention. And then you identify, photograph, and monitor every attendee. What better way to get the bad guys to voluntarily reveal themselves?

      Governments have been doing this for a long, long time. Read about some of the things that the FBI did under J. Edgar Hoover; it will enlighten you.

  2. Aviation Electronics by ArchieBunker · · Score: 3, Insightful

    The aviation industry is slow to make changes to anything. Their radios still use amplitude modulation and people expect them all of a sudden to switch to encrypted digital protocols?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Aviation Electronics by MrDoh! · · Score: 3, Informative

      Not to mention the weather info is sent around the world using Baudot code. 5 bit ticker tape. Awesome.

      --
      Waiting for an amusing sig.
    2. Re:Aviation Electronics by stox · · Score: 2

      There is a very good reason for using Amplitude Modulation. Frequency Modulation suffers from the capture effect, where a stronger signal in an adjacent frequency will be received instead of the desired signal. AM does not suffer from this. You can also make out an AM transmission underneath a stronger transmission on the same frequency. Digital transmissions are completely unreliable in very low signal to noise situations. Digital works, or it doesn't. At least with AM, you will get fragments of the transmission.

      --
      "To those who are overly cautious, everything is impossible. "
    3. Re:Aviation Electronics by tlhIngan · · Score: 5, Informative

      The aviation industry is slow to make changes to anything. Their radios still use amplitude modulation and people expect them all of a sudden to switch to encrypted digital protocols?

      AM isn't outdated. It's the perfect modulation for aviation. It's got great behavior when two transmitters use the same frequency - namely, any receivers in the vicinity squeal. Second, a more powerful transmitter can transmit "on top" of the squeal and still carry useful information.

      The first point is important as most aviation communication frequencies are simplex - it's VERY easy to accidentally transmit over someone else. By squealing, the receiver is told that the transmission is being interfered with. With other modulations, it's not often obvious this happened - with FM, the strongest signal wins and is demodulated (weaker ones simply disappear). Digital modes depend on how they're modulated - but it can easily end up as a string of pure bit errors (remember, the receiver sees both signals simultaneously) with no indications as to the cause.

      The second point is important because an aircraft radio is around 20-25W, while ATC can easily be 200+W. This is important as ATC may be giving one plane instructions while someone else is trying to contact ATC and they step on each other. The plane receiving instructions from ATC gets a squeal, but because of the difference in transmit power, it's possible for the pilot to actually hear ATC on top of the squeal. If the pilot couldn't make out the instructions, the squeal alerts them that it's because of interference. Had it been FM, a plane could've stepped over and sheer coincidence would mean it forms a plausible, but incorrect, instruction.

      Finally, you have to remember that any technology you implement has to scale from airliners to little general aviation planes - the latter often owned by people who don't have a lot of extra money. Canada recently got into a bit of trouble because they mandated 406MHz ELTs as mandatory equipment. Average cost with installation is a little north of $5K for a basic model, $7K+ if you want a fancier one like one with built-in GPS (versus one that relies on aircraft GPS).

      It may surprise you, but most pilots aren't super-rich - they're typically middle class people where flying is a hobby. And unless you're a decades-long career pilot, pay is horrendous (easily just $16K annually if you're just starting out to $32K as captain in a small regional airline). Heck, if you fly, you'll hear some *terrible* radios.

      So AM works just fine - probably still one of the best modulations around for the purpose, and given its operating conditions, has the best side effects at handling multiple transmissions, all at the cost of audio fidelity. But given that communications are generally well structured, it's possible to comprehend even the worst transmission.

      For general aviation, the biggest thing about ADS-B is that it most likely won't be a panel mounted instrument, but using one of the cheapest pieces of equipment ever - an iPad. There are now a few ADS-B receivers that interface to WiFi or Bluetooth that communicate with apps running on iPad and smartphones that serve as data inputs, and others that include an air data and attitude measuring system to give you unofficial instrumentation as well.

    4. Re:Aviation Electronics by n6mod · · Score: 2

      Thank you. Ham here, and the obvious benefits of AM for mission critical communication are lost on a lot of people because "it's old, so it must suck."

      Now... There's a point about the FAA being slow to change... the number of 3CX800's the FAA buys is embarrassing, but it keeps them in production for the rest of us. :)

      --
      You have violated Robot's Rules of Order and will be asked to leave the future immediately.
  3. Offensive conferences by UberDude · · Score: 2

    PyCon really started a trend!

  4. Trust is an illusion by WaffleMonster · · Score: 2

    Virtually all of air/sea transportation use non-integrity protected signals and carriers with near zero resistance to intentional jamming. Access to GPS can be trivially denied. GPS position can be spoofed even if using encrypted channels without having access to encryption keys.

    Personally I prefer in the clear better than alternative where every airport and every plane in the world has to establish some form of trust relationship. There are too many people and interests involved to where it is not reasonable to believe keys won't leak out or in some other way be compromised.

    It is better to design systems working in the clear with associated scope limitations and healthy doses of paranoia than to have instances of engineers saying or thinking "well this is secure" .. as long as it's only used to improve safety margins, refine fixes based on flight plan/radar and any disagreement is flagged this might stand a chance of being a reasonable decision in light of practical limitations on trust.
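
The cross-check described in the comment above (treat broadcast position as advisory, compare it with radar, flag any disagreement), sketched as an added example that is not part of the thread or of any real ATC system. The aircraft IDs, coordinates and thresholds are constructed assumptions.

```python
import math

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

def distance_nm(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))

def flag_reports(reports, radar, max_gap_nm=2.0, max_speed_kt=700.0, max_skew_s=5.0):
    """Return [(t, aircraft_id, [reasons])] for self-reports that fail a check.

    reports: list of (t_seconds, aircraft_id, lat, lon) as broadcast (untrusted).
    radar:   {aircraft_id: [(t_seconds, lat, lon), ...]} independent fixes.
    Thresholds are illustrative assumptions, not operational values.
    """
    flagged, last = [], {}
    for t, ac, lat, lon in sorted(reports):
        reasons = []
        # Independent check: nearest radar fix in time for the same aircraft.
        nearest = min(radar.get(ac, []), key=lambda f: abs(f[0] - t), default=None)
        if nearest is None or abs(nearest[0] - t) > max_skew_s:
            reasons.append("no_radar")          # nothing independent confirms it
        elif distance_nm((lat, lon), nearest[1:]) > max_gap_nm:
            reasons.append("radar_mismatch")    # broadcast disagrees with radar
        # Self-consistency check: speed implied by consecutive broadcasts.
        if ac in last:
            t0, p0 = last[ac]
            if t > t0 and distance_nm(p0, (lat, lon)) / (t - t0) * 3600 > max_speed_kt:
                reasons.append("implausible_speed")
        last[ac] = (t, (lat, lon))
        if reasons:
            flagged.append((t, ac, reasons))
    return flagged

# Constructed sample data: one tracked aircraft whose third report jumps
# about 20 nm east, and one broadcast with no radar return at all.
REPORTS = [(0, "ABC123", 25.80, -80.30), (10, "ABC123", 25.80, -80.28),
           (20, "ABC123", 25.80, -79.90), (0, "GHOST1", 26.10, -80.10)]
RADAR = {"ABC123": [(0, 25.80, -80.30), (10, 25.801, -80.281), (20, 25.80, -80.26)]}

if __name__ == "__main__":
    for row in flag_reports(REPORTS, RADAR):
        print(row)
```

Flagged reports are surfaced for a human or a higher-level tracker to resolve; the broadcast data is never promoted to a trusted source.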