Black Hat Europe, Day 2 (Revisited): An interview with an invisible hacker

If you haven't seen Day 1 or Day2/Day3 of my series on Black Hat Europe, feel free to have a look. As I mentioned in my Day 2/Day 3 posting, I didn't get a chance to meet up to interview Adam Laurie until late in the day on Thursday; therefore, I moved onto my Day2/Day 3 story and promised to post the interview with Laurie later on.

Adam Laurie
If you haven't seen Day 1 or Day2/Day3 of my series on Black Hat Europe, feel free to have a look. As I mentioned in my Day 2/Day 3 posting, I didn't get a chance to meet up to interview Adam Laurie until late in the day on Thursday; therefore, I moved onto my Day2/Day 3 story and promised to post the interview with Laurie later on. Without further adieu, here it is:

Nate: Hey Adam, thanks for sitting down to chat with me today. What's brought you here to Amsterdam for Black Hat Europe?

Adam: I'm here teaching the "Invisible Network, Invisible Risk" training course and I'm also on as a backup speaker, just in case, although it looks like that won't be needed now.

Nate: Oh, nice, I didn't realize you might be speaking here as well. What was your topic about?

Adam: Well, the research isn't truly complete yet, but it should be ready for Black Hat Vegas. I've been researching satellite data, using consumer-grade technology to make sense of the huge volume of data that can be collected. Basically, I'm looking to pick out interesting things from this data. Right now, the way this has to be done is to go to huge mailing lists, or forums where feedhunters (see below) have collected information and posted on various feeds.

Ok, here's a good stopping point and I'll give a bit more explanation for those unfamiliar with feedhunters and the types of things that Adam and I are discussing. I pulled this definition from a feedhunting forum:

Feeds are transmissions, which are uplinked to the satellites used by TV-studio´s for editing and then to be broadcasted in their programs. Often they are encoded, but a lot of them are unencoded. You can think of news, sportgames like formula 1, tennis, football etc... and you can see this unedited, so before it hits the studios.

These images are often found by feedhunters and made public to other interested people through our forum.

So then, we can extrapolate that feedhunters are simply those people with the knowledge and technology to hunt down and find these feeds. An example of a posting made by a feedhunter might look like the following:

Portuguese futsal: Vilaverde-Sporting Lisbon,16.0°E

Channel data : 16e,12555h,5632,3/4 Channel Name : DEFAULT Date : 29/03 Time : 16:12 Sat Name : Eutelsat W2 Sat Pos : 16.0°E Event Type : Portuguese futsal: Vilaverde-Sporting Lisbon

This is basically all that we need to tune in and watch this unedited event. Ok, so with the background taken care of, let's get back to the interview:

Nate: So your research is looking to aggregate and report this type of thing?

Adam: Well, this is only one part of the research. I'm really looking to visualize the aggregated data in a way that anyone can use it very easily. Another part of the research is to talk about the other uses of satellites. The amount of data that can be seen in these transmissions is concerning. You might see a Vegas fight, but you might also see bookies sending in their odds. Satellites are often used for data services and software updates as well, and satellite data is often unencrypted.

Nate: Very interesting indeed, I'll be looking forward to talking with you more about it in the future. Let's discuss your training class. Could you tell me what the class covers and what attendees gain out of the class?

Adam: The basis of the class is to teach about the concerns with WIFI security and some of the techniques that hackers are employing to attack WIFI. We cover Bluetooth, InfraRed, mag stripes, RFID, etc., but I think one of the key concepts that I'm trying to convey is that you need to look every aspect of your technology to keep it secure. Just because we can't see these technologies doesn't mean we can't interact with them as attackers in some meaningful way.

Nate: Had you heard about the attacks against pacemakers using Wireless technologies?

Adam: Yeah, I have, and the funny thing about it is that some of the short range issues they mentioned may not be truly a limitation. The attacks they were using were trying to send legitimate commands to the pacemaker... it's likely that you could just hit it with a garbage traffic and cause these same kinds of issues.

Nate: Very interesting. Thanks a lot for talking with me Adam.

Hopefully you all enjoyed the talk with Adam and will get a chance to attend one of his speaking or training events in the future.

-Nate

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All